{"resultsPerPage":463,"startIndex":0,"totalResults":463,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-20T21:49:36.467","vulnerabilities":[{"cve":{"id":"CVE-2018-10622","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2018-08-10T18:29:00.230","lastModified":"2026-05-19T16:16:16.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Medtronic MyCareLink Patient Monitor uses per-product credentials that \nare stored in a recoverable format. An attacker can use these \ncredentials to modify encrypted drive data."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad en todas las versiones de Medtronic MyCareLink Patient Monitor 24950 y 24952. Los productos afectados emplean credenciales por producto que se almacenan en un formato recuperable. Un atacante puede emplear estas credenciales para autenticarse en red y cifrar datos locales en reposo."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDI
UM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-313"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A4008DB3-E151-41BA-A308-7BE733268845"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"60267DCC-89D0-48E3-B6EB-9AD60DC1F16F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8AACDB33-1EC3-44E1-8C1C-38C766E85F85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"BCDA4070-6CDD-42CA-A4A8-DA6B0E98C64D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105042","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/105042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2018-10626","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2018-08-10T18:29:00.353","lastModified":"2026-05-19T16:16:17.420","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An \nattacker who obtains per-product credentials from the monitor and paired\n implantable cardiac device information can potentially upload invalid \ndata to the Medtronic CareLink network."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad en todas las versiones de Medtronic MyCareLink Patient Monitor 24950 y 24952. El servicio de actualización de los productos afectados no verifica lo suficiente la autenticidad de los datos subidos. 
Un atacante que obtenga las credenciales por producto del monitor y empareje información del dispositivo cardíaco implantable podría subir datos inválidos a la red de Medtronic CareLink."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:S/C:P/I:P/A:N","baseScore":3.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.4,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:mycarelink_24952_pa
tient_monitor_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A4008DB3-E151-41BA-A308-7BE733268845"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"60267DCC-89D0-48E3-B6EB-9AD60DC1F16F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8AACDB33-1EC3-44E1-8C1C-38C766E85F85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"BCDA4070-6CDD-42CA-A4A8-DA6B0E98C64D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105042","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/105042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2020-28271","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2020-11-12T18:15:15.957","lastModified":"2026-05-19T13:37:22.430","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code 
execution."},{"lang":"es","value":"Una vulnerabilidad de contaminación de prototipo en \"deephas\" versiones 1.0.0 hasta 1.0.5, permite a un atacante causar una denegación de servicio y puede conllevar a una ejecución de código remota"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sharpred:deephas:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.0.5","matchCriteriaId":"D6FCDB15-B47D-4A09-A17B-A9EB10E04837"}]}]}],"references":[{"url":"https://github.com/sharpred/deepHas/commit/2fe011713a6178c50f7deb6f039a8e5435981e20","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28271","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://github.com/sharpred/deepHas/commit/2fe011713a6178c50f7deb6f039a8e5435981e20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-42296","sourceIdentifier":"secure@microsoft.com","published":"2021-11-10T01:19:47.223","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota de Microsoft Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4
,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42296","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42296","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-42293","sourceIdentifier":"secure@microsoft.com","published":"2021-12-15T15:15:08.843","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Elevación de Privilegios en Microsoft Jet Red Database Engine and Access 
Connectivity"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24D
D7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*","matchCriteriaId":"30C744C1-EACB-4D91-A72B-468842308AA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42293","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42293","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-42295","sourceIdentifier":"secure@microsoft.com","published":"2021-12-15T15:15:08.933","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Visual Basic for Applications Information Disclosure Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Divulgación de Información de Visual Basic for 
Applications"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaI
d":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42295","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42295","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-43255","sourceIdentifier":"secure@microsoft.com","published":"2021-12-15T15:15:10.687","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Trust Center Spoofing Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Suplantación de Identidad de Microsoft Office Trust 
Center"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24
DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*","matchCriteriaId":"30C744C1-EACB-4D91-A72B-468842308AA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43255","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43255","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-43256","sourceIdentifier":"secure@microsoft.com","published":"2021-12-15T15:15:10.730","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft 
Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"48
B20360-1A85-4A6A-BA03-0B62C97CCB0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"E8426C4D-C00D-44C2-B072-9D600C8B9543"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*","matchCriteriaId":"CD88F667-6773-4DB7-B6C3-9C7B769C0808"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","matchCriteriaId":"B342EF98-B414-44D0-BAFB-FCA24294EECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"27745C7E-94A0-4C2A-8318-684CB85F48D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"B3C3FC9A-D8E5-493A-A575-C831A9A28815"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43256","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2021-43875","sourceIdentifier":"secure@microsoft.com","published":"2021-12-15T15:15:10.907","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Graphics Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft Office Graphics"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMat
ch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43875","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43875","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-21840","sourceIdentifier":"secure@microsoft.com","published":"2022-01-11T21:15:09.483","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota de Microsoft 
Office"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"48B20360-1A85-4A6A-BA03-0B62C97CCB0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"E8426C4D-C00D-44C2-B072-9D600C8B9543"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*","matchCriteriaId":"CD88F667-6773
-4DB7-B6C3-9C7B769C0808"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","matchCriteriaId":"B342EF98-B414-44D0-BAFB-FCA24294EECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*
:*:*:*:*","matchCriteriaId":"B3C3FC9A-D8E5-493A-A575-C831A9A28815"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"A5D3A185-BE57-403E-914E-FDECEC3A477C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*","matchCriteriaId":"AC8BB33F-44C4-41FE-8B17-68E3C4B38142"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*","matchCriteriaId":"FA51E2C8-321F-454B-A9C1-060885C1F892"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*","matchCriteriaId":"157CBD57-8A1B-4B57-8371-88EF4254A663"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-21841","sourceIdentifier":"secure@microsoft.com","published":"2022-01-11T21:15:09.537","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft 
Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"7232421
6-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21841","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21841","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-24461","sourceIdentifier":"secure@microsoft.com","published":"2022-03-09T17:15:14.037","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Visio Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft Office Visio. 
Este ID de CVE es diferente de CVE-2022-24509, CVE-2022-24510"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24461","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24461","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-24462","sourceIdentifier":"secure@mi
crosoft.com","published":"2022-03-09T17:15:14.127","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Security Feature Bypass Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Omisión de Funcionalidades de Seguridad de Microsoft Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*","matchCriteriaId":"C5282C83-86B8-442D-851D-B54E88E8B1F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-
guide/vulnerability/CVE-2022-24462","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24462","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-24509","sourceIdentifier":"secure@microsoft.com","published":"2022-03-09T17:15:15.473","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Visio Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft Office Visio. Este ID de CVE es diferente de CVE-2022-24461, CVE-2022-24510"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:
2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24509","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24509","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-24510","sourceIdentifier":"secure@microsoft.com","published":"2022-03-09T17:15:15.563","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Visio Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota de Microsoft Office Visio. Este ID de CVE es diferente de CVE-2022-24461, CVE-2022-24509"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov"
,"type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24510","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24510","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-24511","sourceIdentifier":"secure@microsoft.com","published":"2022-03-09T17:15:15.650","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Word Tampering Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Manipulación de Microsoft Office 
Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteria
Id":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"32E1400A-836A-4E48-B2CD-2B0A9A8241BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-8423-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24511","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24511","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-24473","sourceIdentifier":"secure@microsoft.com","published":"2022-04-15T19:15:09.900","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel. Este ID de CVE es diferente de CVE-2022-26901"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"sou
rce":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-26901","sourceIdentifier":"secure@microsoft.com","published":"2022-04-15T19:15:14.930","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel. 
Este ID de CVE es diferente de CVE-2022-24473"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*","matchCriteriaId":"BF89FEC4-936E-4226-94F9-2BD0CB0CA09F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","matchCriteriaId":"09BF0981-749E-470B-A7AC-95AD087797EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"27745C7E-94A0-4C2A-8318-684CB85F48D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"120690A6-E0A1-4E36-A35A-C87109ECC064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*","m
atchCriteriaId":"30C744C1-EACB-4D91-A72B-468842308AA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*","matchCriteriaId":"E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"941B16A2-931D-4031-A016-5EA60E87BE20"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-26934","sourceIdentifier":"secure@microsoft.com","published":"2022-05-10T21:15:10.580","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Windows Graphics Component Information Disclosure Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Divulgación de Información de Windows Graphics Component. 
Este ID de CVE es diferente de CVE-2022-22011, CVE-2022-29112"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:o
ffice_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.10240.19297","matchCriteriaId":"E737E372-FC11-48CF-BBCF-AE87076FC02E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.10240.19297","matchCriteriaId":"8BD66F39-8504-4AC6-B5AE-A33E89B45A9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.5125","matchCriteriaId":"B16BE2D6-5D87-42E8-A4E9-B75FABC06BCC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.5125","matchCriteriaId":"E785684A-AA37-4EFE-BBA2-F504C2E0339C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.2928","matchCriteriaId":"4E92CB6A-8CC1-4546-8717-6762B9DF3E5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2928:*:*:*:*:*:x86:*","matchCriteriaId":"B07AD3C8-BA7D-45DB-9D75-50F90FF4B1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.18363.2274","matchCriteriaId":"D85D55B3-B0C8-402A-A6A3-E8E0F0465B72"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19042.1706","matchCriteriaId":"2DD19ACE-EDC0-42FE-8F1A-4BD869BCEF27"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19043.1706","matchCriteriaId":"876220BB-7040-4EEA-AB26-2FC43ADE08C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19044.1706","matchCriteriaId":"93FF0E05-D7EE-425E-9C5F-2D0AB8C98130"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*
:*:*","versionEndExcluding":"10.0.22000.675","matchCriteriaId":"98235A5F-1201-4367-9D6E-D30168667712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*","matchCriteriaId":"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"C6CE5198-C498-4672-AF4C-77AB4BE06C5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*","matchCriteriaId":"BE257836-4F4D-4352-8293-B9CAD34F8794"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*","matchCriteriaId":"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*","matchCriteriaId":"66CAFDB7-9D41-4E67-AB83-5EB104551FF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*","matchCriteriaId":"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*","matchCriteriaId":"4A190388-AA82-4504-9D5A-624F23268C9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*","matchCriteriaId":"DB79EE26-FC32-417D-A49C-A1A63165A968"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*","matchCriteriaId":"821614DD-37DD-44E2-A8A4-FE8D23A33C3C"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934","source":"secure@microsoft.com"},{"url":"https://portal.msrc
.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26934","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-29107","sourceIdentifier":"secure@microsoft.com","published":"2022-05-10T21:15:11.397","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Security Feature Bypass Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Omisión de Funciones de Seguridad de Microsoft Office"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary"
,"description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:x64:*","matchCriteriaId":"CB45982E-03C9-404B-BD22-2D096E561802"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:x86:*","matchCriteriaId":"03D5F104-880A-4FAF-938A-78DCE55AAD98"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"C4A7DDD5-F44B-4D25-B0A1-070E79C8ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"D3E82899-C1CC-46CE-8CD7-7844CBB5D25D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}
],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29107","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-29109","sourceIdentifier":"secure@microsoft.com","published":"2022-05-10T21:15:11.507","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Una vulnerabilidad de Ejecución de Código Remota en Microsoft Excel. Este ID de CVE es diferente de CVE-2022-29110"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4
,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29109","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29109","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-41060","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:20.503","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Information Disclosure Vulnerability"},{"lang":"es","value":"Vulnerabilidad de 
divulgación de información de Microsoft Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"941B16A2-931D-4031-A016-5EA60E87BE20"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"A5D3A185-BE57-403E-914E-FDECEC3A477C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*","matchCriteriaId":"9C082CC4-6128-475D-BC19-B239E348FDB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*","matchCriteriaId":"AC8BB33F-44C4-41FE-8B17-68E3C4B38142"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:
*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"32E1400A-836A-4E48-B2CD-2B0A9A8241BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-8423-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41061","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:20.610","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft 
Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"941B16A2-931D-4031-A016-5EA60E87BE20"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"A5D3A185-BE57-403E-914E-FDECEC3A477C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*","matchCriteriaId":"9C082CC4-6128-475D-BC19-B239E3
48FDB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*","matchCriteriaId":"AC8BB33F-44C4-41FE-8B17-68E3C4B38142"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"32E1400A-836A-4E48-B2CD-2B0A9A8241BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-8423-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41063","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:20.820","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft 
Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"F564117D-450D-45C4-9688-AF35F630A8A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","matchCriteriaId":"09BF0981-749E-470B-A7AC-95AD087797EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"941B16A2-931D-4031-A016-5EA60E87BE20"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulner
ability/CVE-2022-41063","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41103","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:23.447","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Information Disclosure Vulnerability"},{"lang":"es","value":"Vulnerabilidad de divulgación de información de Microsoft Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"941B16A2-931D-4031-A016-5EA60E87BE20"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"A5D3A185-BE57-403E-914E-FDECEC3A477C"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*","matchCriteriaId":"9C082CC4-6128-475D-BC19-B239E348FDB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*","matchCriteriaId":"AC8BB33F-44C4-41FE-8B17-68E3C4B38142"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"32E1400A-836A-4E48-B2CD-2B0A9A8241BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-8423-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41104","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:23.557","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Security Feature Bypass Vulnerability"},{"lang":"es","value":"Vulnerabilidad de omisión de la función de seguridad de Microsoft 
Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"F564117D-450D-45C4-9688-AF35F630A8A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","matchCriteriaId":"09BF0981-749E-470B-A7AC-95AD087797EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/up
date-guide/vulnerability/CVE-2022-41104","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41105","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:23.683","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Information Disclosure Vulnerability"},{"lang":"es","value":"Vulnerabilidad de divulgación de información de Microsoft Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41106","sourceIdentifier":"secure@microsoft.com
","published":"2022-11-09T22:15:23.843","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"F564117D-450D-45C4-9688-AF35F630A8A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","matchCriteriaId":"09BF0981-749E-470B-A7AC-95AD087797EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:of
fice_web_apps_server:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"941B16A2-931D-4031-A016-5EA60E87BE20"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-41107","sourceIdentifier":"secure@microsoft.com","published":"2022-11-09T22:15:23.967","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Graphics Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de gráficos de Microsoft Office"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-44694","sourceIdentifier":"secure@microsoft.com","published":"2022-12-13T19:15:14.147","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Visio Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft Office Visio"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350
-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44694","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44694","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-44695","sourceIdentifier":"secure@microsoft.com","published":"2022-12-13T19:15:14.213","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Visio Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft Office Visio"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:
*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"87EBA8C7-E317-4EFD-B1AA-DD6A8B0DFDCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*","matchCriteriaId":"89229922-0836-4CC2-AED2-107C3142D0EA"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44695","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-44696","sourceIdentifier":"secure@microsoft.com","published":"2022-12-13T19:15:14.277","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Visio Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft Office 
Visio"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44696","source":"secure@microsoft.com"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44696","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-23398","sourceIdentifier":"secure@microsoft.com","published":"2023-03-14T17:15:13.350","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTa
gs":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Spoofing Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"F564117D-450D-45C4-9688-AF35F630A8A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","matchCriteriaId":"09BF0981-749E-470B-A7AC-95AD087797EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-29333","sourceIdentifier":"secure@microsoft.com","published":"2023-05-09T18:15:13.727","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Access Denial of Service 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-29335","sourceIdentifier":"secure@microsoft.com","published":"2023-05-09T18:15:13.783","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Security Feature Bypass 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.10240.19926","matchCriteriaId":"0855C3A7-36C3-4398-9208-1FC8A02F40D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.5921","matchCriteriaId":"BAB00F09-4CCF-4AB6-85CE-07298A21C1D9"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.4377","matchCriteriaId":"DAF1C808-45D2-4C43-81F0-0E3DC697A31A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19042.2965","matchCriteriaId":"8B7C959F-A277-4B18-B7D8-6CC8A5D01469"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19044.2965","matchCriteriaId":"B1DB7F7A-A2CA-462C-A75C-A6739899C14B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19045.2965","matchCriteriaId":"A7450AB6-B09E-4C37-82FD-274675C0F8AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22000.1936","matchCriteri
aId":"7E42EF0F-F78C-49E8-BC26-09AF1C0730E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22000.1702","matchCriteriaId":"C8267EF4-E3E6-4FA1-8090-965AE770B313"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*","matchCriteriaId":"5F422A8C-2C4E-42C8-B420-E0728037E15C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*","matchCriteriaId":"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*","matchCriteriaId":"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*","matchCriteriaId":"821614DD-37DD-44E2-A8A4-FE8D23A33C3C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCriteriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:*:*:*:rt:*:*:*","matchCriteriaId":"3C81544A-00F9-4B20-B679-CFE60D5B23CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-842
3-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33148","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.403","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Elevation of Privilege Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*","matchCriteriaId":"4EDF3639-226F-4C0A-80E5-4075796147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"c
pe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/173591/Microsoft-Office-365-18.2305.1222.0-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://packetstorm.news/files/id/173591","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2023-33149","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.457","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Graphics Remote Code Execution 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5
-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33149","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33149","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33150","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.513","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Security Feature Bypass 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"32E1400A-836A-4E48-B2CD-2B0A9A8241BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F"},{"vulnerable":true,"criteria":"cpe:2.3:
a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-8423-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33151","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.570","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Outlook Spoofing Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33152","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.627","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft ActiveX Remote Code Execution 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaI
d":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33152","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33153","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.680","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Outlook Remote Code Execution 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCri
teriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33153","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33153","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33158","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:14.970","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:-:*:*:*:*:universal:*:*","matchCriteriaId":"20C6F097-EFA4-4A0B-BB64-D6BA2AACC706"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33158","source":"secure@microsoft.com","tags":["Patch","Vendor 
Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33161","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:15.150","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33161","source":"secure@microsoft.com","tags":["Patch","Vendor 
Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33161","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-33162","sourceIdentifier":"secure@microsoft.com","published":"2023-07-11T18:15:15.200","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Information Disclosure Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*","matchCriteriaId":"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*","matchCriteriaId":"ADA0E394-3B5E-4C34-955B-EAB645A37518"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:
*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*","matchCriteriaId":"40961B9E-80B6-42E0-A876-58B3CE056E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","matchCriteriaId":"E98AE986-FA31-4301-8025-E8915BA4AC5E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33162","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33162","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-36897","sourceIdentifier":"secure@microsoft.com","published":"2023-08-08T18:15:15.913","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Visual Studio Tools for Office Runtime Spoofing 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_
servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*","matchCriteriaId":"D162C421-065E-4A00-B5D0-FB3434A6A12D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.9.56","matchCriteriaId":"0979AC6C-A38A-4B79-9196-D721D066E64B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndExcluding":"16.11.29","matchCriteriaId":"45EE88D6-0DF3-419E-B434-9039DE073B1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*","versionStartIncluding":"17.2.0","versionEndExcluding":"17.2.18","matchCriteriaId":"E3B42567-B3FF-4101-A639-C2883F567CF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*","versionStartIncluding":"17.4.0","versionEndExcluding":"17.4.10","matchCriteriaId":"4759CA52-CEA4-40C8-B1EF-F161DCFF0E78"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*","versionStartIncluding":"17.6.0","versionEndExcluding":"17.6.6","matchCriteriaId":"FB465155-CEDD-48E5-8B58-AF49B8FAF504"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-36009","sourceIdentifier":"secure@microsoft.com","published":"2023-12-12T18:15:21.430","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Word Information Disclosure Vulnerability"},{"lang":"es","value":"Vulnerabilidad de divulgación de información de 
Microsoft Word"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-3
8ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36009","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36009","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-20673","sourceIdentifier":"secure@microsoft.com","published":"2024-02-13T18:15:47.557","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft Office"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","matchCriteriaId":"09BF0981-749E-470B-A7AC-95AD087797EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:-:*:-:*:-:*","matchCriteriaId":"DC9D0A78-9F16-41E0-910E-E93269DB9B30"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:click-to-run:*:*:*","matchCriteriaId":"2C3B58F9-4BF5-4692-BBCB-1963A0A16CE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*","matchCrit
eriaId":"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:powerpoint:2016:*:*:*:*:*:*:*","matchCriteriaId":"C971A8FC-3897-496D-BB9A-9E6C8A03AEA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:*:*","matchCriteriaId":"AB3AA120-CE06-40A3-ADC4-C42077509287"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*","matchCriteriaId":"D499807D-91F3-447D-B9F0-D612898C9339"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*","matchCriteriaId":"89229922-0836-4CC2-AED2-107C3142D0EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*","matchCriteriaId":"4DA042D4-B14E-4DDF-8423-DFB255679EFE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-26257","sourceIdentifier":"secure@microsoft.com","published":"2024-04-09T17:15:47.687","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Excel Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft 
Excel"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*","matchCriteriaId":"40C15EDD-98D4-4D06-BA06-21AE0F33C72D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-30101","sourceIdentifier":"secure@microsoft.com","published":"2024-06-11T17:15:59.353","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft 
Office"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/
vulnerability/CVE-2024-30101","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30101","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-30103","sourceIdentifier":"secure@microsoft.com","published":"2024-06-11T17:15:59.800","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Outlook Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft Outlook"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsof
t:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:x64:*","matchCriteriaId":"0E6FF8E4-A3AF-4EC2-AAFD-D4FB80A3851A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:x86:*","matchCriteriaId":"1E7C0D0D-7FE2-4FA4-AE4B-1B5D197BE982"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30103","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30103","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-30104","sourceIdentifier":"secure@microsoft.com","published":"2024-06-11T17:16:00.030","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código de Microsoft 
Office"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulne
rability/CVE-2024-30104","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-21338","sourceIdentifier":"secure@microsoft.com","published":"2025-01-14T18:15:59.300","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GDI+ Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código en GDI+"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"2.93.24123014","matchCriteriaId":"6D7CCBA8-04D3-42A0-9F08-28A0F9258E7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:*:*:*:*:*:universal:*:*","versionEndExcluding":"16.0.14326.22175","matchCriteriaId":"65FB1E96-8B01-430B-9A38-CE9074D71894"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:*:*:*:*:*:android:*:*","versionEndExcluding":"16.0.18429.20000","matchCriteriaId":"B63F2FD7-513A-4C3B-A59D-4F1F7AC4A07D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*","versionEndExcluding":"16.93.
25011212","matchCriteriaId":"0697A94F-0856-4B53-B9B2-6EA6E6A7755C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*","matchCriteriaId":"873BD998-9D5A-4C09-A3B3-4DB12ABB6F72"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.10240.20890","matchCriteriaId":"D5C2C390-24E9-42C9-84BF-EE28670CAB30"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.10240.20890","matchCriteriaId":"C0B9C790-A26D-4EBD-B5CA-F0C628835A21"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.7699","matchCriteriaId":"DE0F44E5-40C1-4BE3-BBA4-507564182682"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.7699","matchCriteriaId":"83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.6775","matchCriteriaId":"1BB028F9-A802-40C7-97BF-1D169291678F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.6775","matchCriteriaId":"9F077951-8177-4FEE-A49A-76E51AE48CE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19044.5371","matchCriteriaId":"5D64D2C7-51C3-47EB-B86E-75172846F4DF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19045.5371","matchCriteriaId":"BC92CC57-B18C-43C3-8180-9A2108407433"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22621.4751","matchCriteriaId":"D84EDF98
-16E1-412A-9879-2C2FEF87FB2B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22631.4751","matchCriteriaId":"282E3839-E953-4B14-A860-DBACC1E99AFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.2894","matchCriteriaId":"78A3F671-95DC-442A-A511-1E875DF93546"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*","matchCriteriaId":"5F422A8C-2C4E-42C8-B420-E0728037E15C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*","matchCriteriaId":"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.7699","matchCriteriaId":"DA4426DD-B748-4CC4-AC68-88AD963E5F0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.6775","matchCriteriaId":"8F604C79-6A12-44C9-B69D-A2E323641079"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.3091","matchCriteriaId":"7B8C9C82-359E-4318-A10D-AA47CDFB38FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.25398.1369","matchCriteriaId":"E3E0C061-2DA7-4237-9607-F6792DC92DD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.2894","matchCriteriaId":"2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerabi
lity/CVE-2025-21338","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-21361","sourceIdentifier":"secure@microsoft.com","published":"2025-01-14T18:16:01.637","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Outlook Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código en Microsoft Outlook"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-641"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*","matchCriteriaId":"873BD998-9D5A-4C09-A3B3-4DB12ABB6F72"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*","versionEndExcluding":"16.93","matchCriteriaId":"CA396764-8253-45AA-BFDF-AE9F32C924C7"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21361","source":"secure@microsoft.com","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2025-21402","sourceIdentifier":"secure@microsoft.com","published":"2025-01-14T18:16:04.190","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Office OneNote Remote Code Execution Vulnerability"},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código en Microsoft Office OneNote"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-641"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*","matchCriteriaId":"873BD998-9D5A-4C09-A3B3-4DB12ABB6F72"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:onenote:-:*:*:*:*:macos:*:*","matchCriteriaId":"C4EC14DE-82C6-495B-BFD8-8D1FA781D50F"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-3406","sourceIdentifier":"cna@vuldb.com","published":"2025-04-08T04:15:31.647","lastModified":"2026-05-19T22:20:06.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A 
vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Se encontró una vulnerabilidad en Nothings stb hasta f056911. Se ha clasificado como problemática. La función stbhw_build_tileset_from_image del componente Header Array Handler está afectada. La manipulación del argumento w provoca una lectura fuera de los límites. Es posible ejecutar el ataque de forma remota. Este producto utiliza una versión continua para una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas. 
Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió de ninguna manera."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScor
e":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nothings:stb_image.h:*:*:*:*:*:*:*:*","versionEndIncluding":"2.13","matchCriteriaId":"A8118E14-B738-4671-A61E-7FEB1057505D"}]}]}],"references":[{"url":"https://vuldb.com/?ctiid.303684","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.303684","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.544226","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2025-3407","sourceIdentifier":"cna@vuldb.com","published":"2025-04-08T04:15:31.877","lastModified":"2026-05-19T22:19:40.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Nothings stb up to f056911. 
It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Se encontró una vulnerabilidad en Nothings stb hasta f056911. Se ha declarado crítica. La función stbhw_build_tileset_from_image se ve afectada por esta vulnerabilidad. La manipulación del argumento h_count/v_count provoca una lectura fuera de los límites. El ataque puede ejecutarse remotamente. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las actualizadas. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no 
respondió."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1
","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nothings:stb_image.h:*:*:*:*:*:*:*:*","versionEndIncluding":"2.13","matchCriteriaId":"A8118E14-B738-4671-A61E-7FEB1057505D"}]}]}],"references":[{"url":"https://vuldb.com/?ctiid.303685","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.303685","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.544227","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2025-3408","sourceIdentifier":"cna@vuldb.com","published":"2025-04-08T04:15:32.077","lastModified":"2026-05-19T22:19:54.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. 
The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Se encontró una vulnerabilidad en Nothings stb hasta f056911. Se ha clasificado como crítica. Este problema afecta a la función stb_dupreplace. La manipulación provoca un desbordamiento de enteros. El ataque puede ejecutarse remotamente. Este producto utiliza un sistema de entrega continua con versiones progresivas. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEF
INED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-189"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nothings:stb_image.h:
*:*:*:*:*:*:*:*","versionEndIncluding":"2.13","matchCriteriaId":"A8118E14-B738-4671-A61E-7FEB1057505D"}]}]}],"references":[{"url":"https://vuldb.com/?ctiid.303686","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.303686","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.544230","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.544230","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2025-3409","sourceIdentifier":"cna@vuldb.com","published":"2025-04-08T05:15:40.050","lastModified":"2026-05-19T22:17:10.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Se ha detectado una vulnerabilidad crítica en Nothings stb hasta f056911. Esta afecta a la función stb_include_string. La manipulación del argumento path_to_includes provoca un desbordamiento del búfer en la pila. Es posible iniciar el ataque de forma remota. Este producto no utiliza control de versiones. Por ello, no se dispone de información sobre las versiones afectadas y no afectadas. 
Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8
,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nothings:stb_image.h:*:*:*:*:*:*:*:*","versionEndIncluding":"2.13","matchCriteriaId":"A8118E14-B738-4671-A61E-7FEB1057505D"}]}]}],"references":[{"url":"https://vuldb.com/?ctiid.303687","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.303687","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.544231","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2025-5278","sourceIdentifier":"secalert@redhat.com","published":"2025-05-27T21:15:23.197","lastModified":"2026-05-19T17:16:21.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data."},{"lang":"es","value":"Se encontró una falla en GNU Coreutils. La función begfield() de la utilidad sort es vulnerable a una lectura insuficiente del búfer del montón. El programa puede acceder a memoria fuera del búfer asignado si un usuario ejecuta un comando manipulado con el formato de clave tradicional. Una entrada maliciosa podría provocar un fallo o la filtración de datos confidenciales."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-5278","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368764","source":"secalert@redhat.com"},{"url":"https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633","source":"secalert@redhat.com"},{"url":"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2025/05/27/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2025/05/29/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2025/05/29/2","source":"af85
4a3a-2127-422b-91ae-364da2661108"},{"url":"https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-5278","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-4598","sourceIdentifier":"secalert@redhat.com","published":"2025-05-30T14:15:23.557","lastModified":"2026-05-19T16:16:18.370","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality."},{"lang":"es","value":"Se ha encontrado una vulnerabilidad en systemd-coredump. 
Este fallo permite a un atacante forzar un proceso SUID para que deje de funcionar y reemplazarlo con un no-SUID binario para acceder al proceso original y con privilegios coredump; lo que permite al atacante leer información sensible, como el contenido de /etc/shadow, cargado por el proceso original. Un binario SUID o proceso tiene un tipo especial de permiso que faculta al proceso a ejecutarse con los permisos del propietario del fichero, independientemente de quién sea el usuario que ejecuta el binario. Esto permite al proceso acceder a datos más restringidos que a un usuario sin privilegios o a un proceso. Un atacante puede aprovechar este fallo forzando la caída de un proceso SUID y haciendo que el kernel de Linux recicle el PID del proceso antes de que systemd-coredump pueda analizar el fichero /proc/pid/auxv. Si el atacante gana la condición de carrera, obtiene acceso al fichero coredump del proceso SUID original y puede leer contenido sensible cargado en la memoria por el binario original, lo que afecta a la confidencialidad de la 
información."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-364"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionEndExcluding":"252.37","matchCriteriaId":"98671AC8-0605-4881-ADCC-2E10DE1AE90F"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"253","versionEndExcluding":"253.32","matchCriteriaId":"0E7F2C6F-96E2-4891-87CB-6077FC9605ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"254","versionEndExcluding":"254.25","matchCriteriaId":"C81ED4A1-39A0-4001-BB70-41F3D0CB127B"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"255","versionEndExcluding":"255.19","matchCriteriaId":"B946E172-E883-483C-8679-090E08FF83A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"256","versionEndExcluding":"256.14","matchCriteriaId":"99646749-054D-4901-98D4-E2BFA9C2A650"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"257","versionEndExcluding":"257.6","matchCriteriaId":"C60BC789-E25D-4726-BCD0-6F28BC69579A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","match
CriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*","matchCriteriaId":"CA9021D6-6027-42E9-A12D-7EA32C5C63F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:linux:9:-:*:*:*:*:*:*","matchCriteriaId":"9E6116DA-D643-4C6D-8B90-0A41125F1EF0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.16","matchCriteriaId":"FAB7877E-481F-42D2-9C30-AB2522E8F55C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:22660","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22868","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23227","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23234","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0414","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:1652","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18153","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-4598","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369242","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://www.openwall.com/lists/oss-security/2025/05/29/3","source":"secalert@redhat.com","tags":["Mailing List"]},{"url":"http://seclists.org/fulldisclosure/2025/Jun/9","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2025/06/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2025/08/18/3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2025/08/18/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},
{"cve":{"id":"CVE-2025-5351","sourceIdentifier":"secalert@redhat.com","published":"2025-07-04T09:15:37.100","lastModified":"2026-05-19T14:16:28.773","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed."},{"lang":"es","value":"Se detectó una falla en la función de exportación de claves de libssh. El problema se produce en la función interna encargada de convertir las claves criptográficas a formatos serializados. Durante la gestión de errores, se libera una estructura de memoria, pero no se borra, lo que puede provocar un problema de doble liberación si se produce un fallo adicional más adelante en la función. Esta condición puede provocar corrupción del montón o inestabilidad de la aplicación en situaciones de memoria insuficiente, lo que supone un riesgo para la fiabilidad del sistema donde se realizan las operaciones de exportación de claves."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionStartIncluding":"0.10.0","versionEndExcluding":"0.11.2","matchCriteriaId":"28859F90-CC03-4355-AC1B-E595AE86511A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-5351","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369367","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}},
{"cve":{"id":"CVE-2025-4878","sourceIdentifier":"secalert@redhat.com","published":"2025-07-22T15:15:36.307","lastModified":"2026-05-19T14:16:28.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption."},{"lang":"es","value":"Se encontró una vulnerabilidad en libssh que permite la existencia de una variable no inicializada en la función privatekey_from_file() bajo ciertas condiciones. Esta falla puede activarse si el archivo especificado por el nombre de archivo no existe y puede provocar posibles errores de firma o corrupción del montón."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-4878","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376184","source":"secalert@redhat.com"},{"url":"https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1","source":"secalert@redhat.com"},{"url":"https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb","source":"secalert@redhat.com"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-4878.txt","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-8114","sourceIdentifier":"secalert@redhat.com","published":"2025-07-24T15:15:27.117","lastModified":"2026-05-19T14:16:28.970","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash."},{"lang":"es","value":"Se encontró una falla en libssh, una librería que implementa el protocolo SSH. Al calcular el ID de sesión durante el proceso de intercambio de claves (KEX), un fallo de asignación en las funciones criptográficas puede provocar una desreferencia de puntero nulo. Este problema puede provocar el bloqueo del cliente o del servidor."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndIncluding":"0.11.2","matchCriteriaId":"A2936209-B5E8-4C55-ABEE-2CD028C91B8F"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-8114","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383220","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d","source":"secalert@redhat.com"},{"url":"https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9","source":"secalert@redhat.com"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-8114.txt","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-8283","sourceIdentifier":"secalert@redhat.com","published":"2025-07-28T19:15:43.957","lastModified":"2026-05-19T17:16:21.343","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers."},{"lang":"es","value":"Se encontró una vulnerabilidad en el paquete netavark, una pila de red para contenedores utilizados con Podman. Debido a la eliminación del dominio de búsqueda dns.podman, netavark podría devolver servidores externos si se envía un registro A/AAAA válido como respuesta. Al crear un contenedor con un nombre determinado, este se usará como nombre de host del contenedor. Dado que el dominio de búsqueda de Podman ya no se agrega, el contenedor utiliza el archivo resolv.conf del host y el solucionador DNS intentará buscar en los dominios de búsqueda que contiene. Si uno de los dominios contiene el mismo nombre de host que el contenedor en ejecución, la conexión se redireccionará a servidores externos inesperados."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-15"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-8283","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383941","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://github.com/advisories/GHSA-rpcf-rmh6-42xr","source":"secalert@redhat.com"},{"url":"https://github.com/containers/netavark/releases/tag/v1.15.1","source":"secalert@redhat.com"},{"url":"https://github.com/containers/podman/issues/2619","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-4877","sourceIdentifier":"secalert@redhat.com","published":"2025-08-20T13:15:28.890","lastModified":"2026-05-19T14:16:28.457","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh."},{"lang":"es","value":"Existe una vulnerabilidad en el paquete libssh: cuando un consumidor de libssh pasa un búfer de entrada inesperadamente grande a la función ssh_get_fingerprint_hash(), la función bin_to_base64() puede experimentar un desbordamiento de enteros que provoca una asignación insuficiente de memoria. En este caso, es posible que el programa realice una escritura fuera de los límites, lo que provoca una corrupción del montón. Este problema solo afecta a las compilaciones de 32 bits de libssh."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-4877","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376193","source":"secalert@redhat.com"},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d","source":"secalert@redhat.com"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-4877.txt","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-9566","sourceIdentifier":"secalert@redhat.com","published":"2025-09-05T20:15:36.727","lastModified":"2026-05-19T14:16:29.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1"}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://access.redhat.com/errata/RHBA-2025:15692","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHBA-2025:15712","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHBA-2025:16158","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHBA-2025:16163","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHEA-2025:4782","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15900","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15901","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15904","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16480","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16481","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16482","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16488","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16515","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16724","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17669","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:18217","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:18218","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:18240","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19002","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19041","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19046","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19094","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19894","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:20909","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:20983","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18289","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18722","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8211","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-9566","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393152","source":"secalert@redhat.com"},{"url":"https://github.com/containers/podman/commit/43fbde4e665fe6cee6921868f04b7ccd3de5ad89","source":"secalert@redhat.com"},{"url":"https://github.com/containers/podman/security/advisories/GHSA-wp3j-xq48-xpjw","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-8277","sourceIdentifier":"secalert@redhat.com","published":"2025-09-09T12:15:30.677","lastModified":"2026-05-19T14:16:29.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-8277","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383888","source":"secalert@redhat.com"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-8277.txt","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-11234","sourceIdentifier":"secalert@redhat.com","published":"2025-10-03T11:15:30.437","lastModified":"2026-05-19T15:16:26.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:23228","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0326","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0332","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0702","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:1831","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18772","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3077","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3165","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5578","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-11234","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401209","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-11568","sourceIdentifier":"secalert@redhat.com","published":"2025-10-15T20:15:34.007","lastModified":"2026-05-19T16:16:17.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:23086","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18421","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18824","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-11568","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2404244","source":"secalert@redhat.com"},{"url":"https://github.com/latchset/luksmeta/pull/16","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-12748","sourceIdentifier":"secalert@redhat.com","published":"2025-11-11T20:15:34.453","lastModified":"2026-05-19T16:16:17.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18326","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18748","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-12748","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413801","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-54770","sourceIdentifier":"secalert@redhat.com","published":"2025-11-18T19:15:49.200","lastModified":"2026-05-19T16:16:18.900","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability"}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-54770","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413813","source":"secalert@redhat.com"},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2025/11/18/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},
{"cve":{"id":"CVE-2025-54771","sourceIdentifier":"secalert@redhat.com","published":"2025-11-18T19:15:49.420","lastModified":"2026-05-19T16:16:19.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-54771","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413823","source":"secalert@redhat.com"},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2025/11/18/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},
{"cve":{"id":"CVE-2025-61664","sourceIdentifier":"secalert@redhat.com","published":"2025-11-18T19:15:50.610","lastModified":"2026-05-19T16:16:19.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-61664","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414685","source":"secalert@redhat.com"},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","source":"secalert@redhat.com"}]}},
{"cve":{"id":"CVE-2025-13601","sourceIdentifier":"secalert@redhat.com","published":"2025-11-26T15:15:51.723","lastModified":"2026-05-19T16:16:17.953","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"7905C85D-4663-4485-99C1-202F4A7D6EBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"7B3D7389-35C1-48C4-A9EC-2564842723C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.0:*:*:*:*:*:*:*","matchCriteriaId":"D70C7263-C24B-4090-9E44-0E0CFD2294A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"1810D5FB-1AB2-4861-A671-CA548C2FFDC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.0:*:*:*:*:*:*:*","matchCriteriaId":"5EE296A4-202C-41AF-92AB-AC0672EAFA90"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:10.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"EF8B4882-78F7-4DC5-BF80-983143DA0155"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FA2DB6C0-E18E-492A-B517-4020A7FB049A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"6FAC9D08-6D5C-443D-99C7-6FD20AF83523"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D791EEA5-68D1-41E0-A53D-8EBB9C6CF873"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"18873769-C951-42F2-A98B-761652148F59"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"8492E227-C09E-4F51-8EAF-0F7BCCD41A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"1FABD546-0E45-4A65-A2E5-50EC62B852E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:10.0:*:*:*:*:*:*:*","matchCriteriaId":"5C4D6060-0C13-4976-A366-C4655367AA78"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"C70933CB-B915-4792-902B-CC858829D208"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"55CF7208-4D36-4C35-92BC-F6
EA2C8DEDE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"F791F846-7762-40E0-9056-032FD10F2046"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F967F2F2-9B99-46D3-A092-F7AE41F5D5B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"73F3D9DA-CEFB-471B-85A2-8652D37D7F30"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"32AF225E-94C0-4D07-900C-DD868C05F554"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"23D471AC-7DCA-4425-AD91-E5D928753A8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.0:*:*:*:*:*:*:*","matchCriteriaId":"97104CED-E93B-49CE-81F8-810AF2A8A392"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:aarch64:*","matchCriteriaId":"4ACBFE13-EF28-48EC-ACDC-AC3159C2AB67"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*","matchCriteriaId":"2E068ABB-31C2-416E-974A-95E07A2BAB0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"ED521457-498F-4E43-B714-9A3F2C3CD09A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.2:*:*:*:*:*:*:*","matchCriteriaId":"66DA6342-8316-4961-9C2A-01D6DC51446A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"F32CA554-F9D7-425B-8F1C-89678507F28C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_f
or_arm64_eus:9.4:*:*:*:*:*:aarch64:*","matchCriteriaId":"80A262F1-B05B-43BA-ABB2-0FDE68C16A8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*","matchCriteriaId":"1E1C5656-6A78-4DCD-A369-76DFD61618E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"D0002CB3-8004-4927-A92C-E7C1F83322E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.4:*:*:*:*:*:*:*","matchCriteriaId":"0F4B9984-698D-4A60-AB6C-3B4CCDD9697F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4:*:*:*:*:*:aarch64:*","matchCriteriaId":"8B79BA89-CB0F-4153-9692-AA9BEA765076"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*","matchCriteriaId":"069180B4-BA50-4AD0-8BA9-83F8005E58BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"53EBD3B7-D31D-46A5-BDFA-178FDF79C776"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.4:*:*:*:*:*:*:*","matchCriteriaId":"A75E10C3-AA3F-43CD-AB14-16754619B48D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.4:*:*:*:*:*:*:*","matchCriteriaId":"E5EF3CEF-62CF-4860-8301-4154D2407236"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*","matchCriteriaId":"39D345D3-108A-4551-A112-5EE51991411A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"212A3822-46F7-4144-B875-349452A93F73"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"24105826-EBD2-4029-978B-B7176343C09C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vu
lnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:10.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"C1FC4688-EE61-40B0-B36C-5B40A54FEB0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"8E6DF379-2929-4F2B-A3F7-D32EF0A634B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"79B04B55-C375-4A04-88B6-307B5121538D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64_eus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"0AEA15D8-8BE8-4D4A-97C3-5F237CAB18DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0:*:*:*:*:*:aarch64:*","matchCriteriaId":"FC6F6213-7AE9-4454-B3CB-8AD6999C733E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"6D8456B7-F13F-4E74-B610-F1301B738A6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"189D490B-E674-4957-BD84-B0615A06FBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"9ECE154D-05A8-43F6-AAEB-9EF460B3A721"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"50CBF587-5E49-41B8-803E-3020142FF1A6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.6:*:*:*:*:*:aarch64:*","matchCriteriaId":"9B58B337-8F7B-4812-91BF-F26044EDF603"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.6_s390x:*:*:*:*:*:*:*","matchCriteriaId":"D4A892AD-1CB2-42AC-B163-DB34613D8AF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:coderea
dy_linux_builder_for_power_little_endian:9.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"AC8564CF-FCAC-48AE-AE11-4AB7068197BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_x86_64:9.6:*:*:*:*:*:*:*","matchCriteriaId":"241FE2FA-8B22-4878-B30A-81ABEFD29C2D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.6:*:*:*:*:*:aarch64:*","matchCriteriaId":"8E3BC071-331C-40FF-911C-699B83C9E874"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.6_s390x:*:*:*:*:*:*:*","matchCriteriaId":"D284FF58-5ED8-4F0F-80BA-4E677256994A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"F1F38D24-E400-42E8-BBD3-CA44CE414D54"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"0516993E-CBD5-44F1-8684-7172C9ABFD0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:9.6:*:*:*:*:*:*:*","matchCriteriaId":"DAF644CC-8CDF-4C0C-B40C-80106A479B58"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:9.6:*:*:*:*:*:*:*","matchCriteriaId":"7254B894-CFCB-4599-8228-A3DD7C996489"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*","matchCriteriaId":"0FDD919E-B7FE-4EC5-8D6B-EC9A4723D6E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:9.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"7BA517DC-CC2E-4F71-A753-3611747C2B03"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.6:*:*:*:*:*:*:*","matchCriteriaId":"C04BCAC6-85B4-45C3-9591-B8A3B95E0682"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"DF4865A7-DD37-45C0-839E-AA07F47DD44F"},{"vulnerable":true,"crite
ria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"76C24D94-834A-4E9D-8F73-624AFA99AAA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"B5ACFD7D-558D-4E72-824B-3C890BE76086"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"1272DF03-7674-4BD4-8E64-94004B195448"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64:8.8:*:*:*:*:*:*:*","matchCriteriaId":"7692F48F-F14D-452A-B145-761A28A65063"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.8:*:*:*:*:*:*:*","matchCriteriaId":"439D3548-E194-4A99-8E39-EC1A7B1C0BAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian:8.8_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"C9F10F1F-5DA7-49FF-A8A7-524251699323"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*","matchCriteriaId":"F1CA946D-1665-4874-9D41-C7D963DD1F56"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_x86_64_eus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"A50F79DB-13DE-4725-962D-9487256F03EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"E28F226A-CBC7-4A32-BE58-398FA5B42481"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"6897676D-53F9-45B3-B27F-7FF9A4C58D33"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage:8.0:*:*:*:*:*:*:*","matchCriteriaId":"52AE9D9D-5D74-4AB8-8FF9-5CEA2A1A97B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:discovery:2.0
:*:*:*:*:*:*:*","matchCriteriaId":"46C0E53D-07D5-48BF-8749-637DACF255A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*","versionEndExcluding":"2.86.3","matchCriteriaId":"890566A0-619C-42E2-BD1D-9EFAC63E68F4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*","matchCriteriaId":"40449571-22F8-44FA-B57B-B43F71AB25E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*","matchCriteriaId":"0EBB38E1-4161-402D-8A37-74D92891AAC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*","matchCriteriaId":"F4B66318-326A-43E4-AF14-015768296E4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.18:*:*:*:*:*:*:*","matchCriteriaId":"710DD65D-7740-4D21-9078-5242C034B00B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.19:*:*:*:*:*:*:*","matchCriteriaId":"F6DB92CE-A718-4162-A212-6EB15EFE9470"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*","matchCriteriaId":"E52D8667-D64B-4E4D-972F-089A2D834C34"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*","matchCriteriaId":"D3056B67-E5C4-40A0-86BF-1D9E6637B13F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.17:*:*:*:*:*:*:*","matchCriteriaId":"5E33CF29-5075-467C-8F38-D7144262CF8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.18:*:*:*:*:*:*:*","matchCriteriaId":"68CE620D-7572-4194-87C0-E278BDC2AED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.19:*:*:*:*:*:*:*","matchCriteriaId":"31D15414-0D1A-43E2-A7F5-30EE5A97F9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:open
shift_container_platform_for_ibm_z:4.12:*:*:*:*:*:*:*","matchCriteriaId":"352D5845-975E-4B7F-A44D-4F99D43450BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*","matchCriteriaId":"F1C47559-7265-4185-84B5-D8D2B177E08A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.17:*:*:*:*:*:*:*","matchCriteriaId":"E0D104DE-8FF4-4CD1-A698-3A5296956FCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.18:*:*:*:*:*:*:*","matchCriteriaId":"FECE0715-303D-4696-9145-0CF6E0CBCDCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.19:*:*:*:*:*:*:*","matchCriteriaId":"4B4807AE-AFE5-4036-ADFC-0AD635551605"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*","matchCriteriaId":"1E5E9340-DD85-4B10-9A1D-9021C95229A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*","matchCriteriaId":"ABEED453-F241-4841-A5AE-8BFFA587119F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.17:*:*:*:*:*:*:*","matchCriteriaId":"ACED494B-3DE5-41E2-A775-DEFEA19E92FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.18:*:*:*:*:*:*:*","matchCriteriaId":"D260BEC4-3932-4F7E-8C2B-2472C320373A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.19:*:*:*:*:*:*:*","matchCriteriaId":"C17BE9D3-0C33-4240-A7D7-DA5094E152D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*","matchCriteriaId":"2127E592-F973-4244-9793-680736EC5313"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*","matchCriteriaId":"0EC48A26-5827-4EC0-BE90-EA25F0A9B56C"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift
_container_platform_for_power:4.17:*:*:*:*:*:*:*","matchCriteriaId":"57C161A1-56C7-4090-989D-F1784F1F4E54"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_power:4.18:*:*:*:*:*:*:*","matchCriteriaId":"7F398F24-4233-4914-B063-5F586D843DA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform_for_power:4.19:*:*:*:*:*:*:*","matchCriteriaId":"D408B9F4-3E3A-4FD6-AA48-785A8C77E197"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:0936","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:0975","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:0991","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1323","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1324","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1326","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1327","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1465","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1608","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1624","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1625","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1626","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1627","source":"secalert@redhat.com","tags":["Vendor 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1652","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:1736","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:18344","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18705","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:2064","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2072","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2485","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2563","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2633","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2659","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2671","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2974","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3415","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4419","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7461","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-13601","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416741","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/3827","source":"secalert@redhat.com","tags":["Exploit","Issue 
Tracking"]},{"url":"https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914","source":"secalert@redhat.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-9615","sourceIdentifier":"secalert@redhat.com","published":"2026-01-26T20:16:09.207","lastModified":"2026-05-19T15:16:27.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection."},{"lang":"es","value":"Se encontró una falla en NetworkManager. El paquete NetworkManager permite el acceso a archivos que pueden pertenecer a otros usuarios. NetworkManager permite a usuarios no-root configurar la red del sistema. El demonio se ejecuta con privilegios de root y puede acceder a archivos propiedad de usuarios diferentes de aquel que añadió la 
conexión."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-281"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18142","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-9615","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2391503","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2327","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-24351","sourceIdentifier":"cvd@cert.pl","published":"2026-02-27T12:16:03.047","lastModified":"2026-05-19T22:15:55.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. 
Only versions 5.8.21 and 5.9.0-rc7 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."},{"lang":"es","value":"PluXml CMS es vulnerable a XSS Almacenado en la funcionalidad de edición de Páginas Estáticas. Un atacante con privilegios de edición puede inyectar HTML y JS arbitrarios en el sitio web, que será renderizado/ejecutado al visitar la página editada.\n\nSe notificó al proveedor con antelación sobre esta vulnerabilidad, pero no respondió dando los detalles de la vulnerabilidad ni del rango de versiones vulnerables. Solo se probaron las versiones 5.8.21 y 5.9.0-rc7 y se confirmó que eran vulnerables; no se probaron otras versiones por lo que también podrían ser vulnerables."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailab
ilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pluxml:pluxml:5.8.21:*:*:*:*:*:*:*","matchCriteriaId":"7E8A60BA-2CCD-4CA1-85EB-C576B06084AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:pluxml:pluxml:5.9.0:rc7:*:*:*:*:*:*","matchCriteriaId":"7D0C04B0-AC68-4DA0-BC6B-4AED935A5C47"}]}]}],"references":[{"url":"https://cert.pl/posts/2026/03/CVE-2026-24350","source":"cvd@cert.pl","tags":["Broken Link"]},{"url":"https://pluxml.org/","source":"cvd@cert.pl","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-24352","sourceIdentifier":"cvd@cert.pl","published":"2026-02-27T12:16:03.210","lastModified":"2026-05-19T22:16:07.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID\nfor a victim and later hijack the authenticated session.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. 
Only versions 5.8.21 and 5.9.0-rc7 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."},{"lang":"es","value":"PluXml CMS permite que el identificador de sesión de un usuario sea establecido antes de la autenticación. El valor de este ID de sesión permanece igual después de la autenticación. Este comportamiento permite a un atacante fijar un ID de sesión para una víctima y luego secuestrar la sesión autenticada.\n\nSe notificó al proveedor con antelación sobre esta vulnerabilidad, pero no respondió dando los detalles de la vulnerabilidad ni el rango de versiones vulnerables. Solo se probaron las versiones 5.8.21 y 5.9.0-rc7 y se confirmó que eran vulnerables; no se probaron otras versiones por lo que también podrían ser vulnerables."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifie
dSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pluxml:pluxml:5.8.21:*:*:*:*:*:*:*","matchCriteriaId":"7E8A60BA-2CCD-4CA1-85EB-C576B06084AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:pluxml:pluxml:5.9.0:rc7:*:*:*:*:*:*","matchCriteriaId":"7D0C04B0-AC68-4DA0-BC6B-4AED935A5C47"}]}]}],"references":[{"url":"https://cert.pl/posts/2026/03/CVE-2026-24350","source":"cvd@cert.pl","tags":["Broken Link"]},{"url":"https://pluxml.org/","source":"cvd@cert.pl","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-2584","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-02T09:16:18.150","lastModified":"2026-05-19T15:41:54.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. 
Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L)."},{"lang":"es","value":"Una crítica vulnerabilidad de inyección SQL (SQLi) ha sido identificada en el módulo de autenticación del sistema. Un atacante remoto no autenticado (AV:N/PR:N) puede explotar esta falla enviando consultas SQL especialmente diseñadas a través de la interfaz de inicio de sesión. Debido a la baja complejidad del ataque (AC:L) y la ausencia de requisitos específicos (AT:N), la vulnerabilidad permite un compromiso total de los datos de configuración del sistema (VC:H/VI:H). Si bien la disponibilidad del servicio permanece inalterada (VA:N), la brecha puede conducir a una exposición limitada de información sensible con respecto a sistemas subsiguientes o interconectados 
(SC:L)."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-3449","sourceIdentifier":"report@snyk.io","published":"2026-03-03T05:17:25.017","lastModified":"2026-05-19T15:38:48.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions 
of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability."},{"lang":"es","value":"Versiones del paquete @tootallnate/once anteriores a la 3.0.1 son vulnerables a un Alcance Incorrecto del Flujo de Control en la resolución de promesas cuando se utiliza la opción AbortSignal. La Promesa permanece en un estado permanentemente pendiente después de que la señal es abortada, causando que cualquier uso de await o .then() se quede colgado indefinidamente. Esto puede causar una fuga en el flujo de control que puede llevar a solicitudes estancadas, workers bloqueados o disponibilidad degradada de la aplicación."}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialit
yImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-705"}]}],"references":[{"url":"https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a","source":"report@snyk.io"},{"url":"https://github.com/TooTallNate/once/issues/8","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612","source":"report@snyk.io"}]}},{"cve":{"id":"CVE-2026-2743","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-03-05T07:16:14.670","lastModified":"2026-05-19T20:16:18.463","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). \n\nThis issue affects SeppMail: 15.0.2.1 and before"},{"lang":"es","value":"Escritura arbitraria de archivos mediante carga por salto de ruta que lleva a ejecución remota de código en la interfaz web de usuario de SeppMail. La característica afectada es la transferencia de archivos grandes (LFT). 
Este problema afecta a SeppMail: 15.0.2.1 y versiones anteriores."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":
[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:seppmail:seppmail:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0.2.1","matchCriteriaId":"ADABBDE5-D0B9-4A42-B997-81C811C7FADA"}]}]}],"references":[{"url":"https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html","source":"vulnerability@ncsc.ch","tags":["Release Notes"]},{"url":"https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/","source":"vulnerability@ncsc.ch"},{"url":"https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-28267","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-03-10T17:38:38.227","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."},{"lang":"es","value":"Múltiples productos i-フィルター están configurados con ajustes de permisos de acceso a archivos incorrectos. 
Los archivos pueden ser creados o sobrescritos en el directorio del sistema o en el directorio de copia de seguridad por un usuario no administrativo."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":
"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://biz3.optim.co.jp/","source":"vultures@jpcert.or.jp"},{"url":"https://jvn.jp/en/jp/JVN17307628/","source":"vultures@jpcert.or.jp"},{"url":"https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88","source":"vultures@jpcert.or.jp"},{"url":"https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_01.pdf","source":"vultures@jpcert.or.jp"},{"url":"https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_02.pdf","source":"vultures@jpcert.or.jp"},{"url":"https://www.mobi-connect.net/file/ifilter/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2025-13777","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2026-03-13T19:53:49.073","lastModified":"2026-05-19T15:06:36.883","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."},{"lang":"es","value":"Vulnerabilidad de omisión de autenticación por captura-repetición en ABB AWIN GW100 rev.2, ABB AWIN GW120. 
Este problema afecta a AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilitySco
re":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Primary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch","source":"cybersecurity@ch.abb.com"}]}},{"cve":{"id":"CVE-2025-13778","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2026-03-13T19:53:49.283","lastModified":"2026-05-19T15:06:36.883","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."},{"lang":"es","value":"Vulnerabilidad de ausencia de autenticación para función crítica en ABB AWIN GW100 rev.2, ABB AWIN GW120. Este problema afecta a AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"N
OT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch","source":"cybersecurity@ch.abb.com"}]}},{"cve":{"id":"CVE-2025-13779","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2026-03-13T19:53:49.480","lastModified":"2026-05-19T15:06:36.883","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."},{"lang":"es","value":"Vulnerabilidad de falta de autenticación para función crítica en ABB AWIN GW100 rev.2, ABB AWIN GW120. 
Este problema afecta a AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilitySco
re":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch","source":"cybersecurity@ch.abb.com"}]}},{"cve":{"id":"CVE-2026-3873","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-03-13T19:55:10.810","lastModified":"2026-05-19T15:44:56.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Hard-coded Credentials vulnerability in Avantra allows Accessing \nFunctionality Not Properly Constrained by ACLs. This issue affects \nAvantra: before 25.3.0."},{"lang":"es","value":"Vulnerabilidad de uso de credenciales codificadas en Avantra permite acceder a funcionalidades no restringidas adecuadamente por ACLs. Este problema afecta a Avantra: versiones anteriores a la 25.3.0."}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://support.avantra.com/hc/en-us/articles/5352465121695-Security-Notice-Legacy-Built-In-User-Account-rtm","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2025-11500","sourceIdentifier":"cvd@cert.pl","published":"2026-03-16T14:17:54.113","lastModified":"2026-05-19T15:17:37.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate 
authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off (which is a default setting), an unauthenticated attacker on the local network can obtain usernames and encoded passwords for interface management portal by inspecting the HTTP response of the server when visiting the login page, which contains a JSON file with these details. Both normal and admin users credentials are exposed. \nThis issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0)."},{"lang":"es","value":"Los dispositivos Tinycontrol como tcPDU y los controladores LAN LK3.5, LK3.9 y LK4 tienen dos mecanismos de autenticación separados: uno únicamente para la gestión de la interfaz y otro para proteger todos los demás recursos del servidor. Cuando este último está desactivado (lo cual es una configuración predeterminada), un atacante no autenticado en la red local puede obtener nombres de usuario y contraseñas codificadas para el portal de gestión de la interfaz al inspeccionar la respuesta HTTP del servidor cuando se visita la página de inicio de sesión, la cual contiene un archivo JSON con estos detalles. 
Las credenciales de usuarios normales y administradores quedan expuestas.\nEste problema ha sido solucionado en las versiones de firmware: 1.36 (para tcPDU), 1.67 (para LK3.5 - versiones de hardware: 3.5, 3.6, 3.7 y 3.8), 1.75 (para LK3.9 - versión de hardware 3.9) y 1.38 (para LK4 - versión de hardware 4.0)."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-201"},{"lang":"en","value":"CWE-261"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/03/CVE-2025-11500/","source
":"cvd@cert.pl"},{"url":"https://securitum.com/CVE-2025-11500","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/archives/lan-controller-35/downloads/#firmware","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/lk39/downloads/#firmware","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/lk4/downloads/#firmware","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/tcpdu/downloads/#firmware","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2025-15587","sourceIdentifier":"cvd@cert.pl","published":"2026-03-16T14:17:56.577","lastModified":"2026-05-19T15:17:37.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface.\n\nThis issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0)."},{"lang":"es","value":"Los dispositivos Tinycontrol como tcPDU y los Controladores LAN LK3.5, LK3.9 y LK4 permiten a un usuario con bajos privilegios leer la contraseña de un administrador accediendo directamente a un recurso específico inaccesible a través de una interfaz gráfica.\n\nEste problema ha sido solucionado en las versiones de firmware: 1.36 (para tcPDU), 1.67 (para LK3.5 - versiones de hardware: 3.5, 3.6, 3.7 y 3.8), 1.75 (para LK3.9 - versión de hardware 3.9) y 1.38 (para LK4 - versión de hardware 
4.0)."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-425"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/03/CVE-2025-11500/","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/archives/lan-controller-35/downloads/#firmware","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/lk39/downloads/#firmware","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/lk4/downloads/#firmware","source":"cvd@cert.pl"},{"url":"https://tinycontrol.pl/en/tcpdu/download
s/#firmware","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-25083","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-03-16T14:18:18.177","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages."},{"lang":"es","value":"Los puntos finales de la API de hilos/mensajes de GROWI OpenAI no realizan autorización. Las versiones afectadas son la v7.4.5 y anteriores. Un usuario autenticado que conoce el identificador de un asistente de IA compartido puede ver y/o manipular los hilos/mensajes de otro usuario."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact
":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://growi.co.jp/news/41/","source":"vultures@jpcert.or.jp"},{"url":"https://jvn.jp/en/jp/JVN46373837/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-3020","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-16T14:19:45.150","lastModified":"2026-05-19T15:41:54.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other users' legitimate accounts"},{"lang":"es","value":"Vulnerabilidad de omisión de autorización basada en identidad (IDOR) que permite a un atacante modificar los datos de una cuenta de usuario legítima, como cambiar la dirección de correo electrónico de la víctima, validar la nueva dirección de correo electrónico y solicitar una nueva contraseña. 
Esto podría permitirles tomar el control completo de otras cuentas legítimas de usuarios."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wakyma-application-web","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-3110","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-16T14:19:46.907","lastModified":"2026-05-1
9T15:41:54.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID]' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access user data (e.g., usernames, first and last names, email addresses, and phone numbers) and retrieve the data of all users enrolled in courses by performing a brute-force attack on the course ID via a manipulated URL."},{"lang":"es","value":"Vulnerabilidad de Referencia Directa a Objeto Insegura (IDOR) en Campus Educativa específicamente en el endpoint '/administracion/admin_usuarios.cgi?filtro_estado=T&amp;wAccion=listado_xlsx&amp;wBuscar=&amp;wFiltrar=&amp;wOrden=alta_usuario&amp;wid_cursoActual=[ID]' donde se exportan los datos de los usuarios matriculados en el curso. 
La explotación exitosa de esta vulnerabilidad podría permitir a un atacante no autenticado acceder a datos de usuario (por ejemplo, nombres de usuario, nombres y apellidos, direcciones de correo electrónico y números de teléfono) y recuperar los datos de todos los usuarios matriculados en los cursos realizando un ataque de fuerza bruta sobre el ID del curso a través de una URL manipulada."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"
references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-educativa-campus","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-3111","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-16T14:19:47.090","lastModified":"2026-05-19T15:41:54.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing."},{"lang":"es","value":"Vulnerabilidad de Referencia Directa Insegura a Objeto (IDOR) en Campus Educativa específicamente en el endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (traducido como 80x90 y 40x45). La explotación exitosa de esta vulnerabilidad podría permitir a un atacante no autenticado acceder a las fotos de perfil de todos los usuarios a través de una URL manipulada, lo que les permitiría recopilar fotos de usuarios masivamente. 
Esto podría llevar a que estas fotos sean utilizadas maliciosamente para suplantar identidades, realizar ingeniería social, vincular identidades entre plataformas utilizando reconocimiento facial, o incluso llevar a cabo doxxing."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-educativa-campus","source":"cve-coordination@incibe.es"}]}},{"cv
e":{"id":"CVE-2026-4271","sourceIdentifier":"secalert@redhat.com","published":"2026-03-17T12:16:13.280","lastModified":"2026-05-19T22:16:38.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS)."},{"lang":"es","value":"Se encontró un defecto en libsoup, una biblioteca para manejar solicitudes HTTP. Esta vulnerabilidad, conocida como un uso después de liberación, ocurre en la implementación del servidor HTTP/2. Un atacante remoto puede explotar esto enviando solicitudes HTTP/2 especialmente diseñadas que causan fallos de autenticación. 
Esto puede llevar a que la aplicación intente acceder a memoria que ya ha sido liberada, lo que podría causar inestabilidad o caídas de la aplicación, resultando en una denegación de servicio (DoS)."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*","matchCriteriaId":"C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteri
a":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:15968","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17482","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4271","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448044","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/496","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/496","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30707","sourceIdentifier":"cve@mitre.org","published":"2026-03-17T20:16:13.870","lastModified":"2026-05-19T18:08:17.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is \"Fixed in [02/2026] backend service update.\""},{"lang":"es","value":"Se descubrió un problema en SpeedExam Online Examination System (SaaS) después de la v.FEV2026. Permite un Control de Acceso Roto a través del PageMethod ASP.NET ReviewAnswerDetails. 
Atacantes autenticados pueden eludir las restricciones del lado del cliente e invocar este método directamente para recuperar la clave de respuestas completa."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md","source":"cve@mitre.org"},{"url":"https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-24062","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-03-18T16:16:26.300","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The \"Privileged Helper\" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation."},{"lang":"es","value":"El componente 'Privileged Helper' del Arturia Software Center (MacOS) no realiza una validación suficiente de la firma del código del cliente cuando un cliente se conecta. 
Esto permite que un atacante pueda conectarse al helper y ejecutar acciones privilegiadas, lo que lleva a una escalada de privilegios local."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://r.sec-consult.com/arturia","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"}]}},{"cve":{"id":"CVE-2026-24063","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-03-18T16:16:26.527","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation."},{"lang":"es","value":"Cuando se instala un plugin usando el Arturia Software Center (macOS), también instala un script bash uninstall.sh en una ruta propiedad de root. Este script se escribe en el disco con los permisos de archivo 777, lo que significa que es escribible por cualquier usuario. Al desinstalar un plugin a través del Arturia Software Center, el Privileged Helper recibe instrucciones para ejecutar este script. 
Cuando el script bash es manipulado por un atacante, este escenario conducirá a una escalada de privilegios."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://r.sec-consult.com/arturia","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"}]}},{"cve":{"id":"CVE-2025-14716","sourceIdentifier":"VulnerabilityReporting@secomea.com","published":"2026-03-19T11:16:14.857","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0."},{"lang":"es","value":"Vulnerabilidad de autenticación incorrecta en Secomea GateManager (módulos de servidor web) permite la omisión de autenticación. 
Este problema afecta a GateManager: 11.4;0."}],"metrics":{"cvssMetricV31":[{"source":"VulnerabilityReporting@secomea.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"VulnerabilityReporting@secomea.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://www.secomea.com/support/cybersecurity-advisory/","source":"VulnerabilityReporting@secomea.com"}]}},{"cve":{"id":"CVE-2026-4342","sourceIdentifier":"jordan@liggitt.net","published":"2026-03-19T22:16:43.143","lastModified":"2026-05-19T22:16:49.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"},{"lang":"es","value":"Se descubrió un problema de seguridad en ingress-nginx donde una combinación de anotaciones de Ingress puede utilizarse para inyectar configuración en nginx. Esto puede conducir a la ejecución de código arbitrario en el contexto del controlador ingress-nginx, y a la divulgación de Secrets accesibles para el controlador. 
(Tenga en cuenta que en la instalación predeterminada, el controlador puede acceder a todos los Secrets a nivel de clúster.)"}],"metrics":{"cvssMetricV31":[{"source":"jordan@liggitt.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"jordan@liggitt.net","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kubernetes:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"1.13.9","matchCriteriaId":"82AD4893-EAC1-4B3E-A842-4C1439D0FC38"},{"vulnerable":true,"criteria":"cpe:2.3:a:kubernetes:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.14.5","matchCriteriaId":"9499B75E-F160-425A-B641-61BF3B71FC57"},{"vulnerable":true,"criteria":"cpe:2.3:a:kubernetes:nginx_ingress_controller:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"7BF84B6C-C427-45A4-AE30-ED4F47F05680"}]}]}],"references":[{"url":"https://github.com/kubernetes/kubernetes/issues/137893","source":"jordan@liggitt.net","tags":["Issue 
Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/19/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-4606","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-03-23T02:16:05.213","lastModified":"2026-05-19T15:22:14.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. \n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account. \n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. \n\nFunctions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. \n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk. 
\n\nThis vulnerability allows local privilege escalation and may result in full system compromise."},{"lang":"es","value":"GV Edge Recording Manager (ERM) v2.3.1 ejecuta incorrectamente los componentes de la aplicación con privilegios de nivel SYSTEM, permitiendo a cualquier usuario local obtener control total del sistema operativo.\n\nDurante la instalación, ERM crea un servicio de Windows que se ejecuta bajo la cuenta LocalSystem.\n\nCuando se inicia la aplicación ERM, se generan procesos relacionados bajo privilegios SYSTEM en lugar del contexto de seguridad del usuario que ha iniciado sesión.\n\nFunciones como 'Importar Datos' abren un cuadro de diálogo de archivos de Windows que opera con permisos SYSTEM, lo que permite la modificación o eliminación de archivos y directorios del sistema protegidos.\n\nCualquier función de ERM que invoque cuadros de diálogo de abrir/guardar archivos de Windows expone el mismo riesgo.\n\nEsta vulnerabilidad permite la escalada de privilegios local y puede resultar en un compromiso total del 
sistema."}],"metrics":{"cvssMetricV40":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"IRRECOVERABLE","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-250"}]}],"references":[{"url":"https://https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-31846","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-03-23T12:16:07.267","lastModified":"2026-05-19T15:50:41.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","valu
e":"Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device."},{"lang":"es","value":"Una vulnerabilidad de divulgación de credenciales no autenticada en el endpoint /goform/ate del firmware Nexxt Solutions Nebula 300+ hasta Nebula300+_v12.01.01.37 permite a un atacante adyacente obtener la contraseña de administrador en formato codificado en Base64 a través de una solicitud HTTP manipulada. La credencial recuperada puede ser utilizada para autenticarse en el dispositivo y facilita un compromiso adicional cuando se combina con otras debilidades presentes en el firmware."}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEF
INED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:C/I:N/A:N","baseScore":6.1,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2025-41007","sourceIdentifier":"cve-coordination@inci
be.es","published":"2026-03-23T13:16:29.913","lastModified":"2026-05-19T15:41:54.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint."},{"lang":"es","value":"Inyección SQL en Cuantis. Esta vulnerabilidad permite a un atacante recuperar, crear, actualizar y eliminar bases de datos a través del parámetro 'search' en el endpoint '/search.php'."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED",
"providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-cuantis","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-1958","sourceIdentifier":"cvd@cert.pl","published":"2026-03-23T13:16:30.093","lastModified":"2026-05-19T15:17:37.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.\n\nThis issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1\n\nBeside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts."},{"lang":"es","value":"El uso de credenciales codificadas en Klinika XP y KlinikaXP Insertino permitió a un atacante no autorizado acceder a varios servicios internos. Críticamente, esto incluía el acceso al servidor FTP que alojaba los paquetes de actualización de la aplicación. El atacante con estas credenciales podría cargar un archivo de actualización malicioso, el cual podría haber sido distribuido e instalado en máquinas cliente como una actualización legítima.\n\nEste problema afecta a KlinikaXP: antes de la 5.39.01.01. 
y a KlinikaXP Insertino antes de la 3.1.0.1.\n\nAdemás de eliminar las credenciales codificadas del código, las credenciales previamente expuestas también fueron rotadas, evitando futuros intentos de ataque."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://cert.pl/posts/2026/03/CVE-2026-1958","source":"cvd@cert.pl"},{"url":"https://www.klinikaxp.pl/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2025-41008","sourceIdentifier":"cve-coordina
tion@incibe.es","published":"2026-03-23T14:16:29.513","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en Sinturno. Esta vulnerabilidad permite a un atacante recuperar, crear, actualizar y eliminar bases de datos a través del parámetro 'client' en el endpoint '/_adm/scripts/modalReport_data.php'."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recover
y":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-sinturno","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2024-51348","sourceIdentifier":"cve@mitre.org","published":"2026-03-25T14:16:29.210","lastModified":"2026-05-19T18:08:17.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request."},{"lang":"es","value":"Una vulnerabilidad de desbordamiento de búfer basado en pila en el servicio API P2P en BS Producten Petcam con firmware 33.1.0.0818 permite a atacantes no autenticados dentro del alcance de la red sobrescribir el puntero de instrucción y lograr Ejecución Remota de Código (RCE) enviando una solicitud HTTP especialmente 
diseñada."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2024-51348.md","source":"cve@mitre.org"},{"url":"https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/README.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-28760","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-03-26T07:16:20.030","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."},{"lang":"es","value":"El instalador de RATOC RAID Monitoring Manager para Windows busca en el directorio actual para cargar ciertas DLLs. 
Si se dirige a un usuario a colocar una DLL diseñada específicamente junto con el instalador, código arbitrario puede ser ejecutado con el privilegio de administrador."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIG
H","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN08057419/","source":"vultures@jpcert.or.jp"},{"url":"https://www.ratocsystems.com/topics/userinfo/raidmanager202508/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-32680","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-03-26T07:16:20.220","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege."},{"lang":"es","value":"El instalador de RATOC RAID Monitoring Manager para Windows permite personalizar la carpeta de instalación. Si la carpeta de instalación se personaliza a una no predeterminada, la carpeta puede quedar con ACLs inseguras y los usuarios no administrativos pueden alterar el contenido de esa carpeta. 
Esto puede permitir a un usuario no administrativo ejecutar código arbitrario con privilegios de SYSTEM."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilit
yScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN08057419/","source":"vultures@jpcert.or.jp"},{"url":"https://www.ratocsystems.com/topics/userinfo/raidmanager202508/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-4262","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-26T10:16:25.780","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download/<ID>/'."},{"lang":"es","value":"Vulnerabilidad de autorización incorrecta en HiJiffy Chatbot permite a un atacante descargar mensajes privados de otros usuarios a través del parámetro 'ID' en '/api/v1/download/<ID>/'."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVuln
ConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hijiffy-chatbot","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-4263","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-26T10:16:26.173","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter \n'visitor' in '/api/v1/webchat/message'."},{"lang":"es","value":"Vulnerabilidad de autorización incorrecta en HiJiffy Chatbot permite a un atacante descargar mensajes privados de otros usuarios a través del parámetro 'visitor' en 
'/api/v1/webchat/message'."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hijiffy-chatbot","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-24068","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-03-26T11:16:20.097","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"des
criptions":[{"lang":"en","value":"The VSL privileged helper does utilize NSXPC for IPC. The implementation of the \"shouldAcceptNewConnection\" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can connect to this service using the configured protocol. A malicious process is able to call all the functions defined in the corresponding HelperToolProtocol. No validation is performed in the functions \"writeReceiptFile\" and “runUninstaller” of the HelperToolProtocol. This allows an attacker to write files to any location with any data as well as execute any file with any arguments. Any process can call these functions because of the missing XPC client validation described before. The abuse of the missing endpoint validation leads to privilege escalation."},{"lang":"es","value":"El asistente privilegiado de VSL utiliza NSXPC para IPC. La implementación de la función 'shouldAcceptNewConnection', que es utilizada por el framework NSXPC para validar si a un cliente se le debe permitir conectarse al oyente XPC, no valida a los clientes en absoluto. Esto significa que cualquier proceso puede conectarse a este servicio utilizando el protocolo configurado. Un proceso malicioso puede llamar a todas las funciones definidas en el HelperToolProtocol correspondiente. No se realiza ninguna validación en las funciones 'writeReceiptFile' y 'runUninstaller' del HelperToolProtocol. Esto permite a un atacante escribir archivos en cualquier ubicación con cualquier dato, así como ejecutar cualquier archivo con cualquier argumento. Cualquier proceso puede llamar a estas funciones debido a la falta de validación del cliente XPC descrita anteriormente. 
El abuso de la falta de validación del endpoint conduce a la escalada de privilegios."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://r.sec-consult.com/vsl","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2026/Apr/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-4809","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-03-26T11:16:21.440","lastModified":"2026-05-19T15:50:41.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored in a web-accessible and executable location, this may lead to remote code execution. 
At the time of publication, no patch was available and the vendor had not responded to coordinated disclosure attempts."},{"lang":"es","value":"plank/laravel-mediable hasta la versión 6.4.0 puede permitir la carga de un tipo de archivo peligroso cuando una aplicación que utiliza el paquete acepta o prefiere un tipo MIME proporcionado por el cliente durante el manejo de la carga de archivos. En esa configuración, un atacante remoto puede enviar un archivo que contiene código PHP ejecutable mientras declara un tipo MIME de imagen benigno, lo que resulta en la carga arbitraria de archivos. Si el archivo cargado se almacena en una ubicación accesible por la web y ejecutable, esto puede conducir a la ejecución remota de código. En el momento de la publicación, no había ningún parche disponible y el proveedor no había respondido a los intentos de divulgación coordinada."}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_D
EFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/plank/laravel-mediable","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/plank/laravel-mediable/releases/tag/6.4.0","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-0964","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:00.393","lastModified":"2026-05-19T14:16:32.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A 
malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111."},{"lang":"es","value":"Un servidor SCP malicioso puede enviar rutas inesperadas que podrían hacer que la aplicación cliente sobrescriba archivos locales fuera del directorio de trabajo. Esto podría ser mal utilizado para crear archivos ejecutables o de configuración maliciosos y hacer que el usuario los ejecute bajo consecuencias específicas.\n\nEste es el mismo problema que en OpenSSH, rastreado como CVE-2019-6111."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndExcluding":"0.11.4","matchCriteriaId":"68C64024-6979-4
6E1-A57F-5C0228DC8DAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18160","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-0964","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436979","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/","source":"secalert@redhat.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-0965","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:00.607","lastModified":"2026-05-19T14:16:33.803","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. 
This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations."},{"lang":"es","value":"Se encontró una falla en libssh donde puede intentar abrir archivos arbitrarios durante el análisis de la configuración. Un atacante local puede explotar esto al proporcionar un archivo de configuración malicioso o cuando el sistema está mal configurado. Esta vulnerabilidad podría llevar a una denegación de servicio (DoS) al hacer que el sistema intente acceder a archivos peligrosos, como dispositivos de bloque o archivos de sistema grandes, lo que puede interrumpir las operaciones normales."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndIncluding":"0.11.3","matchCriteriaId":"2366D711-FD0B-4A04-92BA-DE6DA0ED1BCF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18160","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@red
hat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-0965","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436980","source":"secalert@redhat.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-0966","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:00.783","lastModified":"2026-05-19T14:16:36.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process."},{"lang":"es","value":"La función API 'ssh_get_hexa()' es vulnerable cuando se proporciona una entrada de longitud 0 a esta función. Esta función se utiliza internamente en 'ssh_get_fingerprint_hash()' y 'ssh_print_hexa()' (obsoleta), la cual es vulnerable a la misma entrada (la longitud es proporcionada por la aplicación que realiza la llamada).\n\nLa función también se utiliza internamente en el código gssapi para registrar los OID recibidos por el servidor durante la autenticación GSSAPI. Esto podría activarse de forma remota cuando el servidor permite la autenticación GSSAPI y la verbosidad del registro se establece al menos en SSH_LOG_PACKET (3). 
Esto podría causar un auto-DoS del proceso demonio por conexión."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-124"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndExcluding":"0.11.4","matchCriteriaId":"68C64024-6979-46E1-A57F-5C0228DC8DAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":
"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18160","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7067","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-0966","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433121","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/","source":"secalert@redhat.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-0967","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:00.970","lastModified":"2026-05-19T14:16:36.720","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client."},{"lang":"es","value":"Se encontró una vulnerabilidad en libssh. Un atacante remoto, al controlar los archivos de configuración del cliente o los archivos known_hosts, podría crear nombres de host específicos que, al ser procesados por la función `match_pattern()`, pueden llevar a un retroceso ineficiente de expresiones regulares. 
Esto puede causar tiempos de espera y agotamiento de recursos, lo que resulta en una denegación de servicio (DoS) para el cliente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndIncluding":"0.11.3","matchCriteriaId":"2366D711-FD0B-4A04-92BA-DE6DA0ED1BCF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18160","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-0967","source":"secalert@redhat.com","tags":["Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436981","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/","source":"secalert@redhat.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-0968","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:01.150","lastModified":"2026-05-19T14:16:38.457","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes."},{"lang":"es","value":"Se encontró una falla en libssh en la que un servidor SFTP (Protocolo de Transferencia de Archivos SSH) malicioso puede explotar esto enviando un campo 'longname' malformado dentro de un mensaje 'SSH_FXP_NAME' durante una operación de listado de archivos. Esta falta de verificación de nulos puede llevar a leer más allá de la memoria asignada en el heap. 
Esto puede causar un comportamiento inesperado o llevar a una denegación de servicio (DoS) debido a fallos de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndIncluding":"0.11.3","matchCriteriaId":"2366D711-FD0B-4A04-92BA-DE6DA0ED1BCF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18160","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-0968","source":"secalert@redhat.com","tags":["Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436982","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/","source":"secalert@redhat.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-2100","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:04.247","lastModified":"2026-05-19T14:16:40.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states."},{"lang":"es","value":"Se encontró una falla en p11-kit. Un atacante remoto podría explotar esta vulnerabilidad al llamar a la función C_DeriveKey en un token remoto con parámetros específicos del mecanismo de derivación IBM kyber o IBM btc establecidos en NULL. Esto podría llevar al cliente RPC intentando devolver un valor no inicializado, resultando potencialmente en una desreferencia NULL o comportamiento indefinido. 
Este problema puede causar una denegación de servicio a nivel de aplicación o a otros estados impredecibles del sistema."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:p11-kit_project:p11-kit:-:*:*:*:*:*:*:*","matchCriteriaId":"EC8CB498-F5D5-4AB6-B33E-404C80966280"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18599","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata
/RHSA-2026:7065","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-2100","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437308","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/p11-glue/p11-kit/pull/740","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2026-33559","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-03-27T06:16:39.160","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WordPress Plugin \"OpenStreetMap\" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web 
browser."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type"
:"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN48058823/","source":"vultures@jpcert.or.jp"},{"url":"https://wordpress.org/plugins/osm/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2025-69988","sourceIdentifier":"cve@mitre.org","published":"2026-03-27T15:16:46.017","lastModified":"2026-05-19T18:08:17.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md","source":"cve@mitre.org"},{"url":"https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-5010","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-27T15:17:04.113","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected Cross-Site Scripting (XSS) 
vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on the user’s behalf."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-ce
rt/notices/aviso/reflected-cross-site-scripting-xss-sanomas-clickedu-0","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-5119","sourceIdentifier":"secalert@redhat.com","published":"2026-03-30T07:15:58.350","lastModified":"2026-05-19T22:16:39.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation."},{"lang":"es","value":"Se encontró una vulnerabilidad en libsoup. Al establecer túneles HTTPS a través de un proxy HTTP configurado, las cookies de sesión sensibles se transmiten en texto claro dentro de la solicitud HTTP CONNECT inicial. Un atacante posicionado en la red o un proxy HTTP malicioso puede interceptar estas cookies, lo que podría conducir al secuestro potencial de la sesión o a la suplantación de identidad del 
usuario."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*","matchCriteriaId":"C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13978","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14087","source":"secalert@redhat.com"},{"url":"https
://access.redhat.com/errata/RHSA-2026:15968","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17482","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19356","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-5119","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452932","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/502","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-3321","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-30T14:16:35.420","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages."},{"lang":"es","value":"Una vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario en el endpoint 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/'. 
Explotar esta vulnerabilidad permitiría a un atacante no autenticado enumerar IDs de eventos y obtener el historial completo de preguntas y respuestas. Estos datos expuestos públicamente pueden incluir IDs, URLs privadas, mensajes privados, referencias internas u otra información sensible que solo debería ser expuesta a usuarios autenticados. Además, el contenido filtrado podría ser explotado para facilitar otras actividades maliciosas, como reconocimiento para movimiento lateral, explotación de sistemas relacionados o acceso no autorizado a aplicaciones internas referenciadas en el contenido de los mensajes de chat."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED
","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-on24-qa-chat","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-4317","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-31T10:16:19.153","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL inyection (SQLi) vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by including malicious characters and SQL payload. The application would interpolate these values directly into the SQL query without first performing proper filtering or sanitization (e.g., using functions such as 'prisma.rawQuery', 'prisma.$queryRawUnsafe' or raw queries with 'ClickHouse'). The successful explotation of this vulnerability could allow an authenticated attacker to compromiso the data of the database and execute dangerous functions."},{"lang":"es","value":"Vulnerabilidad de inyección SQL (SQLi) en la aplicación web de Umami Software a través de un parámetro incorrectamente saneado, lo que podría permitir a un atacante autenticado ejecutar comandos SQL arbitrarios en la base de datos. Específicamente, podrían manipular el valor del parámetro de solicitud 'timezone' incluyendo caracteres maliciosos y una carga útil SQL. 
La aplicación interpolaría estos valores directamente en la consulta SQL sin realizar primero un filtrado o saneamiento adecuado (por ejemplo, utilizando funciones como 'prisma.rawQuery', 'prisma.$queryRawUnsafe' o consultas sin procesar con 'ClickHouse'). La explotación exitosa de esta vulnerabilidad podría permitir a un atacante autenticado comprometer los datos de la base de datos y ejecutar funciones peligrosas."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang
":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-inyection-umami-software-application","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-35091","sourceIdentifier":"secalert@redhat.com","published":"2026-04-01T14:16:57.040","lastModified":"2026-05-19T22:16:38.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents"}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-253"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:corosync:corosync:-:*:*:*:*:*:*:*","matchCriteriaId":"5008766D-B12C-48F2-A70A-2344860259C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*","matchCriteriaId":"5F7E2F04-474D-4196-9CE8-242642990A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria"
:"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13644","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13657","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13673","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14205","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14210","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14211","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14212","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14213","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14214","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14215","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14216","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19043","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19200","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-35091","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453169","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453813","source":"secalert@redhat.com","tags":["Issue 
Tracking"]}]}},{"cve":{"id":"CVE-2026-35092","sourceIdentifier":"secalert@redhat.com","published":"2026-04-01T14:16:57.237","lastModified":"2026-05-19T22:16:38.373","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:corosync:corosync:-:*:*:*:*:*:*:*","matchCriteriaId":"5008766D-B12C-48F2-A70A-2344860259C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*","matchCriteriaId":"5F7E2F04-474D-4196-9CE8-242642990A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:
2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13644","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13657","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13673","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14205","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14210","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14211","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14212","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14213","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14214","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14215","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14216","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19043","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19200","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-35092","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453169","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453814","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-35679","sourceIdentifier":"cve@mitre.org","published":"2026-04-05T22:16:01.193","lastModified":"2026-05-19T18:14:16.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Zcash zcashd before 6.12.0 allows invalid transactions to be 
accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-358"}]}],"references":[{"url":"https://github.com/zcash/zcash/commit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0","source":"cve@mitre.org"},{"url":"https://github.com/zcash/zcash/releases/tag/v6.12.0","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-6057","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-04-10T10:16:04.547","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code 
execution."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/FalkorDB/falkordb-browser","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"},{"url":"https://github.com/FalkorDB/falkordb-browser/pull/1611","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-5777","sourceIdentifier":"vdisclose@cert-in.org.in","published":"2026-04-10T12:16:04.480","lastModified":"2026-05-19T15:24:16.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. 
An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device."}],"metrics":{"cvssMetricV40":[{"source":"vdisclose@cert-in.org.in","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vdisclose@cert-in.org.in","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0179","source":"vdisclose@cert-in.org.in"}]}},{"cve":{"id":"CVE-2026-33092","sourceIdentifier":"security@acronis.com","published":"2
026-04-10T14:16:34.880","lastModified":"2026-05-19T15:05:11.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902."}],"metrics":{"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@acronis.com","type":"Primary","description":[{"lang":"en","value":"CWE-15"}]}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-9407","source":"security@acronis.com"}]}},{"cve":{"id":"CVE-2026-31845","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-04-11T19:16:28.537","lastModified":"2026-05-19T15:50:41.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitization, output encoding, or content-type restrictions.\n\nThe vulnerable code is:\n\nif (isset($_GET['zd_echo'])) exit($_GET['zd_echo']);\n\nAn unauthenticated attacker can exploit this issue by crafting a malicious URL containing JavaScript payloads. 
When a victim visits the link, the payload executes in the context of the application within the victim's browser, potentially leading to session hijacking, credential theft, phishing, or account takeover.\n\nThe issue is fixed in version 3.7, which introduces proper input validation and output encoding to prevent script injection."}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:
H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}],"cvssMetricV2":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://forum.rukovoditel.net/viewtopic.php?p=22499#p22499","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2025-3756","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2026-04-13T18:16:27.887","lastModified":"2026-05-19T15:06:36.883","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation.\n\nThe System 800xA IEC61850 Connect is not affected. 
Note: This vulnerability does not impact the overall availability and functionality of the S+ Operations node, only the 61850 communication function.\n\nThis issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3."}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"
NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Primary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch","source":"cybersecurity@ch.abb.com"}]}},{"cve":{"id":"CVE-2026-24069","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-04-14T12:16:20.247","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. 
Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://r.sec-consult.com/kiuwanlock","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2026/Apr/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-6328","sourceIdentifier":"alibaba-cna@list.alibaba-inc.com","published":"2026-04-15T04:17:48.750","lastModified":"2026-05-19T15:06:00.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation. This issue affects XQUIC: through 
1.8.3."}],"metrics":{"cvssMetricV40":[{"source":"alibaba-cna@list.alibaba-inc.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"alibaba-cna@list.alibaba-inc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84","source":"alibaba-cna@list.alibaba-inc.com"}]}},{"cve":{"id":"CVE-2026-26291","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-04-15T05:16:25.597","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],
"descriptions":[{"lang":"en","value":"Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED"
,"scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://growi.co.jp/news/43/","source":"vultures@jpcert.or.jp"},{"url":"https://jvn.jp/en/jp/JVN62079296/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-40959","sourceIdentifier":"cve@mitre.org","published":"2026-04-16T01:16:11.617","lastModified":"2026-05-19T18:14:16.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8","source":"cve@mitre.org"},{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","source":"cve@mitre.org"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-6348","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-16T03:16:30.383","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing 
authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","i
ntegrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-6349","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-16T03:16:30.660","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubCon
fidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10841-4f504-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10842-3f255-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-6350","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-16T03:16:30.847","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary 
code."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary
","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-6351","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-16T03:16:31.053","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","
Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-31843","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-04-16T13:16:48.473","lastModified":"2026-05-19T15:50:41.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling remote access without credentials. User-controlled input is directly written into executable PHP files using file_put_contents(). These files are later executed via require() during normal payment processing workflows, resulting in remote code execution under default application behavior. 
The payment secret token mentioned by the vendor is unrelated to this endpoint and does not mitigate the vulnerability."}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integri
tyImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/Http/Controllers/ApiController.php","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/routes/web.php","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/shaxzodbek-uzb/pay-uz","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://packagist.org/packages/goodoneuz/pay-uz","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-41113","sourceIdentifier":"cve@mitre.org","published":"2026-04-16T22:16:39.103","lastModified":"2026-05-19T18:14:16.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in 
qmail-remote.c."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://blog.calif.io/p/we-asked-claude-to-audit-sagredos","source":"cve@mitre.org"},{"url":"https://github.com/califio/publications/tree/main/MADBugs/qmail","source":"cve@mitre.org"},{"url":"https://github.com/sagredo-dev/qmail/commit/749f607f6885e3d01b36f2647d7a1db88f1ef741","source":"cve@mitre.org"},{"url":"https://github.com/sagredo-dev/qmail/pull/42","source":"cve@mitre.org"},{"url":"https://github.com/sagredo-dev/qmail/releases/tag/v2026.04.07","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/18/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-7083","sourceIdentifier":"contact@wpscan.com","published":"2026-04-20T07:16:14.707","lastModified":"2026-05-19T15:46:09.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Email Encoder  WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite 
setup)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/7aeb6891-e159-4ed8-b1a9-a551140c9fcc/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-5958","sourceIdentifier":"cvd@cert.pl","published":"2026-04-20T12:16:08.433","lastModified":"2026-05-19T15:17:37.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: \n1. resolves symlink to its target and stores the resolved path for determining when output is written,\n2. opens the original symlink path (not the resolved one) to read the file. \nBetween these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. 
This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process.\n\n\nThis issue was fixed in version 4.10."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-5958","source":"cvd@cert.pl"},{"url":"https://www.gnu.org/software/sed/","source":"cvd@cert.pl"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/13/1","source":"af854a3a-2127-422b-91ae-364da2661
108"}]}},{"cve":{"id":"CVE-2026-5965","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-21T04:16:13.443","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString"
:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10857-c46f7-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2025-13826","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-21T09:16:06.087","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfully exploited, the application can be made to stop responding, resulting in a DoS condition. 
It is possible to manually restart the application."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-3317","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-21T10:16:30.623","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[]
,"descriptions":[{"lang":"en","value":"Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker to execute JavaScript code in the victim's browser."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"re
ferences":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-navigate-cms-application","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2025-10354","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-21T15:16:34.290","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpa
ct":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2025-41029","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-21T16:16:19.350","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in 
'/private/continue-upload.php'."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-pro-zeon-global-tech","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-0539","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-04-22T14:16:30.317","lastModified":"2026-05-19T15:44:56.380","vulnStatus":"Deferred","cveTags":[],"descr
iptions":[{"lang":"en","value":"Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[
{"url":"https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/","source":"vulnerability@ncsc.ch"},{"url":"https://www.pcvisit.de/kundenbereich/release-notes","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-31435","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T14:16:36.710","lastModified":"2026-05-19T22:12:35.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix read abandonment during retry\n\nUnder certain circumstances, all the remaining subrequests from a read\nrequest will get abandoned during retry.  The abandonment process expects\nthe 'subreq' variable to be set to the place to start abandonment from, but\nit doesn't always have a useful value (it will be uninitialised on the\nfirst pass through the loop and it may point to a deleted subrequest on\nlater passes).\n\nFix the first jump to \"abandon:\" to set subreq to the start of the first\nsubrequest expected to need retry (which, in this abandonment case, turned\nout unexpectedly to no longer have NEED_RETRY set).\n\nAlso clear the subreq pointer after discarding superfluous retryable\nsubrequests to cause an oops if we do try to access 
it."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.18.21","matchCriteriaId":"93477C16-86F4-42D8-A83F-3E95FF0B26F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e5fd8f53b575ff2188f82071da19c977ca56c41","
source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7e57523490cd2efb52b1ea97f2e0a74c0fb634cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8f2f2bd128a8d9edbc1e785760da54ada3df69b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31436","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T14:16:36.843","lastModified":"2026-05-19T22:10:37.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\n\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\ndereferences, double completion, or descriptor leaks.\n\nFix this by completing d instead of found in the final\nlist_for_each_entry_safe() 
loop."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.80","matchCriteriaId":"F1E59CA7-28C1-4587-BC4E-7056631D9864"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:l
inux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e4f43779d550e559be13a5cdb763bad92c4cc99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82656e8daf8de00935ae91b91bed43f4d6e0d644","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1c9866173c5f8521f2d0768547a01508cb9ff27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e21da2ad8844585040fe4b82be1ad2fe99d40074","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31437","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T14:16:36.980","lastModified":"2026-05-19T22:09:14.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry\n\nWhen a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path\nin netfs_unbuffered_write() unconditionally calls stream->prepare_write()\nwithout checking if it is NULL.\n\nFilesystems such as 9P do not set the prepare_write operation, so\nstream->prepare_write remains NULL. 
When get_user_pages() fails with\n-EFAULT and the subrequest is flagged for retry, this results in a NULL\npointer dereference at fs/netfs/direct_write.c:189.\n\nFix this by mirroring the pattern already used in write_retry.c: if\nstream->prepare_write is NULL, skip renegotiation and directly reissue\nthe subrequest via netfs_reissue_write(), which handles iterator reset,\nIN_PROGRESS flag, stats update and reissue internally."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.17","versionEndExcluding":"6.18.21","matchCriteriaId":"3EF23CE5-8E2E-47D1-9B2C-449AA5BB1870"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.7","versionEndExcluding":"6.19.11","matchCriteriaId":"0F154E5F-DF7A-4EB9-BAFA-13EC093D679A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7a5482f5ce891decbf36f2e6fab1e9fc4a76a684","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a4d1b4ba9754bac3efebd06f583a44a7af52c0ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9075e420a1eb3b52c60f3b95893a55e77419ce8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31438","sourceIdentifier":"416baaa9-dc9f-4396-
8d5f-8c081fb06d67","published":"2026-04-22T14:16:37.100","lastModified":"2026-05-19T22:08:30.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators\n\nWhen a process crashes and the kernel writes a core dump to a 9P\nfilesystem, __kernel_write() creates an ITER_KVEC iterator. This\niterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which\nonly handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types,\nhitting the BUG() for any other type.\n\nFix this by adding netfs_limit_kvec() following the same pattern as\nnetfs_limit_bvec(), since both kvec and bvec are simple segment arrays\nwith pointer and length fields. Dispatch it from netfs_limit_iter() when\nthe iterator type is ITER_KVEC."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.80","matchCriteriaId":"F1E59CA7-28C1-4587-BC4E-7056631D9864"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartInclu
ding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31439","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T14:16:37.240","lastModified":"2026-05-19T21:55:10.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix regmap init error handling\n\ndevm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL.\nFix the 
error check and also fix the error message. Use the error code\nfrom ERR_PTR() instead of the wrong value in ret."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.131","matchCriteriaId":"858A62AF-CE08-40A8-B117-168DE9269127"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:
o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4b6e1da50b22e5528b9003f376a3cecccce4decc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/59f6ccd0f3345be2e8a78bdef2103e93f180633a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9787b3d9b908785b40bc3f2e6d7082fdb8fdd98a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e0adbf74e2a0455a6bc9628726ba87bcd0b42bf8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f27197ccfd2ecd2c71f27fd57c6d507e892ad24d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-5749","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-22T14:17:05.993","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. 
Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2025-1054
9","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-04-23T07:16:39.720","lastModified":"2026-05-19T15:35:04.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\\SYSTEM."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":4.2}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"https://r.sec-consult.com/controlio","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2026/Apr/19","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41040","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-04-23T07:16:41.070","lastModified":"2026-05-19T15:26:21.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GROWI provided by GROWI, Inc. 
is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore"
:3.9,"impactScore":3.6}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://growi.co.jp/news/44/","source":"vultures@jpcert.or.jp"},{"url":"https://jvn.jp/en/jp/JVN46728373/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-3960","sourceIdentifier":"security@huntr.dev","published":"2026-04-23T10:16:17.813","lastModified":"2026-05-19T21:52:42.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. 
The issue is resolved in version 3.46.0.10."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:h2o:h2o:*:*:*:*:*:*:*:*","versionEndExcluding":"3.46.0.10","matchCriteriaId":"53A9A943-C0AC-4312-BF4D-033D14678ED4"}]}]}],"references":[{"url":"https://github.com/h2oai/h2o-3/commit/b9ae2d3c5220db2dc53753357a783e590364d044","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/6954fe04-b905-453f-8c53-205ac8377e0d","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-6885","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-23T10:16:18.240","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload 
and execute web shell backdoors, thereby enabling arbitrary code execution on the server."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3
.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-6886","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-23T10:16:18.390","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact
":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-1390"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-6887","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-23T10:16:18.527","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database 
contents."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Pri
mary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-6903","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-04-23T10:16:18.680","lastModified":"2026-05-19T15:44:56.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the LabOne software.\n\nAdditionally, the Web Server does not sufficiently restrict cross-origin requests, which could allow a remote attacker to trigger file access from a victim's browser by directing the victim to a malicious website.\n\nThe vulnerability is only exploitable when the LabOne Web Server is running. 
Installations using only the LabOne APIs without starting the Web Server are not exposed."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3
.9,"impactScore":3.6}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://www.zhinst.com/support/download-center/","source":"vulnerability@ncsc.ch"},{"url":"https://www.zhinst.com/support/security/2026/zi-sa-2026-001/","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-6947","sourceIdentifier":"twcert@cert.org.tw","published":"2026-04-24T04:16:23.170","lastModified":"2026-05-19T15:52:30.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_D
EFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10865-de323-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10864-944b1-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-31574","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-24T15:16:32.020","lastModified":"2026-05-19T14:22:43.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nclockevents: Add missing resets of the next_event_forced flag\n\nThe prevention mechanism against timer interrupt starvation missed to reset\nthe next_event_forced flag in a couple of places:\n\n    - When the clock event state changes. That can cause the flag to be\n      stale over a shutdown/startup sequence\n\n    - When a non-forced event is armed, which then prevents rearming before\n      that event. 
If that event is far out in the future this will cause\n      missed timer interrupts.\n\n    - In the suspend wakeup handler.\n\nThat led to stalls which have been reported by several people.\n\nAdd the missing resets, which fixes the problems for the reporters."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*","matchCriteriaId":"EF897730-3F1E-47A2-8B07-22535202C487"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4096fd0e8eaea13ebe5206700b33f49635ae18e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9401b593fa48218d2667df1610b0ebc518554880","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-42363","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-04-27T00:16:20.357","lastModified":"2026-05-19T15:22:14.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. 
An attacker can listen to broadcast messages to trigger this vulnerability.\n\n\nWhen interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the \"obscurity\" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default."}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.8}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-656"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-22077","sourceIdentifier":"security@oppo.com","published":"2026-04-27T08:16:01.120","lastModified":"2026-05-19T15:29:06.417","vulnStatus":"Deferred",
"cveTags":[],"descriptions":[{"lang":"en","value":"OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure."}],"metrics":{"cvssMetricV40":[{"source":"security@oppo.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:L/U:Amber","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2048652556296790016","source":"security@oppo.com"}]}},{"cve":{"
id":"CVE-2025-15626","sourceIdentifier":"db4dfee8-a97e-4877-bfae-eba6d14a2166","published":"2026-04-27T14:16:21.513","lastModified":"2026-05-19T15:30:46.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application"}],"metrics":{"cvssMetricV40":[{"source":"db4dfee8-a97e-4877-bfae-eba6d14a2166","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"db4dfee8-a97e-4877-bfae-eba6d14a2166","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://ribblr.com/","source":"db
4dfee8-a97e-4877-bfae-eba6d14a2166"}]}},{"cve":{"id":"CVE-2026-3325","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-29T09:16:24.130","lastModified":"2026-05-19T15:43:28.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used immediately after the registration form is submitted, could be manipulated by an unauthenticated attacker to execute arbitrary SQL queries."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact"
:"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-megacms-crm-sistemas-de-fidelizacion","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-25852","sourceIdentifier":"security@acronis.com","published":"2026-04-29T15:16:05.313","lastModified":"2026-05-19T15:05:11.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212."}],"metrics":{"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@acronis.com","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-7217","source":"security@acronis.com"}]}},{"cve":{"id":"CVE-2026-41220","sourceIdentifier":"security@acronis.com","published":"2026-04-29T15:16:05.950","lastModified":"2026-05-19T15:05:11.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Local privilege escalation due to improper input validation. 
The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183."}],"metrics":{"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@acronis.com","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-10296","source":"security@acronis.com"}]}},{"cve":{"id":"CVE-2026-41952","sourceIdentifier":"security@acronis.com","published":"2026-04-29T15:16:06.417","lastModified":"2026-05-19T15:05:11.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Local privilege escalation due to improper input validation. 
The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183."}],"metrics":{"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@acronis.com","type":"Primary","description":[{"lang":"en","value":"CWE-123"}]}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-7790","source":"security@acronis.com"}]}},{"cve":{"id":"CVE-2026-7701","sourceIdentifier":"cna@vuldb.com","published":"2026-05-03T16:15:57.757","lastModified":"2026-05-19T15:16:32.720","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. Upgrading to version 6.7.6 is able to resolve this issue. Upgrading the affected component is recommended. The vendor provides this rationale for the dispute: \"[T]he described scenario does not lead to any security issue or vulnerability, and only causes a one-time crash. 
In the outlined scenario, the targeted user must perform an active action, which doesn't produce any consequences after the app is relaunched.\""}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","
availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"},{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://vuldb.com/submit/804341","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/360870","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/360870/cti","source":"cna@vuldb.com"},{"url":"https://www.youtube.com/watch?v=xo9Bplsy1K8","source":"cna@vuldb.com"},{"url":"https://www.youtube.com/watch?v=xo9Bplsy1K8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42369","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-05-04T01:16:04.153","lastModified":"2026-05-19T15:22:14.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the \"WebCam Server\" feature.  Once enabled, it is possible to access to the management and monitoring feature via a regular Web interface. This webersever is another native application, compiled without ASLR, which makes exploitation much easier and more likely. \n\n\n\nMost of the features require authentication before being reachable and leverage a standard login page to grant access. 
However the `gvapi` endpoint uses its own authentication mechanism via an `HTTP Authorization` header. It supports both `Basic` authentication and the `Digest` modes of authentication.  \n\n\n\n#### Stack-overflow via unbound copy of base64 decoded string\n\nThe `b64decoder` string is sized dynamically, but it is then copied to the `Buffer` stack variable one character at the time at [0], and there's no bound-check. As such, if the decoded string is bigger than 256 characters (the size of the `Buffer` variable) then a stack overflow occurs. Because the data can be fully controlled by an attacker and lack of ASLR, this vulnerability can easily be exploited to gain full code execution as SYSTEM on the machine running the service."}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://https://talosintelligence.com/vulnerability_reports/","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-7841","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-05-06T08:16:04.490","lastModified":"2026-05-19T15:22:14.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability\nexists in Notification Settings on GeoVision GV-ASWeb 6.2.0. 
An authenticated\nuser with System Setting permissions can execute arbitrary commands on the\nserver by sending a crafted HTTP POST request to the ASWebCommon.srf backend\nendpoint to bypass the frontend restrictions."}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-43090","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:22.313","lastModified":"2026-05-19T20:44:03.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix refcount leak in xfrm_migrate_policy_find\n\nsyzkaller reported a memory leak in xfrm_policy_alloc:\n\n  BUG: memory leak\n  unreferenced object 0xffff888114d79000 (size 1024):\n    comm \"syz.1.17\", pid 931\n    ...\n    xfrm_policy_alloc+0xb3/0x4b0 net/xfrm/xfrm_policy.c:432\n\nThe root cause is a double call to xfrm_pol_hold_rcu() in\nxfrm_migrate_policy_find(). 
The lookup function already returns\na policy with held reference, making the second call redundant.\n\nRemove the redundant xfrm_pol_hold_rcu() call to fix the refcount\nimbalance and prevent the memory leak.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.83","matchCriteriaId":"A8BAD957-8E20-401C-A129-DFF3655CA0B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4
:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21e235a36cfb6d145cefb10728f12f5dc5412f54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70c2a89a3bc207c3bfbf6f21bb439809e0a4a27a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83317cce60a032c49480dcdabe146435bd689d03","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/836ee1b0426ea3db31531e9581cc32f513d24e32","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43091","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:22.433","lastModified":"2026-05-19T20:42:35.963","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Wait for RCU readers during policy netns exit\n\nxfrm_policy_fini() frees the policy_bydst hash tables after flushing the\npolicy work items and deleting all policies, but it does not wait for\nconcurrent RCU readers to leave their read-side critical sections first.\n\nThe policy_bydst tables are published via rcu_assign_pointer() and are\nlooked up through rcu_dereference_check(), so netns teardown must also\nwait for an RCU grace period before freeing the table memory.\n\nFix this by adding synchronize_rcu() before freeing the policy hash 
tables."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.6.136","matchCriteriaId":"F2AB5131-D1D3-4634-BAD0-DCDA846721A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE
7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/069daad4f2ae9c5c108131995529d5f02392c446","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/33a3149dd81a1e2f52b80ee1e0fc380b39f3d028","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3733fce2871c9bca9dd18a1a23b1432ea215a094","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/438b1f668ad58f46ce699bb48e4698a7839e3f9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b66920a3348c0f63ba18365248fa21fbf0b3a937","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43092","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:22.550","lastModified":"2026-05-19T20:41:46.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: validate MTU against usable frame size on bind\n\nAF_XDP bind currently accepts zero-copy pool configurations without\nverifying that the device MTU fits into the usable frame space provided\nby the UMEM chunk.\n\nThis becomes a problem since we started to respect tailroom which is\nsubtracted from chunk_size (among with headroom). 2k chunk size might\nnot provide enough space for standard 1500 MTU, so let us catch such\nsettings at bind time. 
Furthermore, validate whether underlying HW will\nbe able to satisfy configured MTU wrt XSK's frame size multiplied by\nsupported Rx buffer chain length (that is exposed via\nnet_device::xdp_zc_max_segs)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.136","matchCriteriaId":"D1C8822E-08AF-49C3-8A31-F806E5FAE5E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","match
CriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3812d7b24c8ce133","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36ee60b569ba0dfb6f961333b90d19ab5b323fa9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873a9780fe0010bff6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2f4daa6422fd6cc0cec969794dab4a88ea4cea1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b20f9d1cba43cddb2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43093","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:22.667","lastModified":"2026-05-19T20:40:28.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: tighten UMEM headroom validation to account for tailroom and min frame\n\nThe current headroom validation in xdp_umem_reg() could leave us with\ninsufficient space dedicated to even receive minimum-sized ethernet\nframe. 
Furthermore if multi-buffer would come to play then\nskb_shared_info stored at the end of XSK frame would be corrupted.\n\nHW typically works with 128-aligned sizes so let us provide this value\nas bare minimum.\n\nMulti-buffer setting is known later in the configuration process so\nbesides accounting for 128 bytes, let us also take care of tailroom space\nupfront."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.118","versionEndExcluding":"4.20","matchCriteriaId":"C1D66A78-E0DD-4D66-9446-03DE28F5FE2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.35","versionEndExcluding":"5.5","matchCriteriaId":"4ED55BB9-F8CA-4CCD-94DD-BC6F5E60E5D9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.7","versionEndExcluding":"5.7","matchCriteriaId":"30A44027-1F59-4AF5-B227-86E61A43A865"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.1","versionEndExcluding":"6.6.136","matchCriteriaId":"1D0E985F-975A-4107-B163-94D4DCD5FD9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B3
7A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*","matchCriteriaId":"3D23CE42-BDB2-4216-8495-230ABE98FCDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:rc2:*:*:*:*:*:*","matchCriteriaId":"2AAE09B2-58C0-42B8-ACDA-578904723270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:rc3:*:*:*:*:*:*","matchCriteriaId":"59EEFC0E-2E5A-4113-A58D-2EE2CC7CFA3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:rc4:*:*:*:*:*:*","matchCriteriaId":"3CC0A9A2-D528-49AA-AB7F-37C5EA7AB76D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:rc5:*:*:*:*:*:*","matchCriteriaId":"512FF86F-0B8C-4DEB-9041-8BD384DD2E58"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:rc6:*:*:*:*:*:*","matchCriteriaId":"F1AB4A11-C03C-4ABB-B596-0EB3B0F1A8DF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:rc7:*:*:*:*:*:*","matchCriteriaId":"9D26AE9C-D49F-4FE9-8A6A-5A7199B7436E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel
:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ec4d3f6e6934deb843b561ae048cd17218e5ad1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6523bc1b40e69301f24c14338b762af4739d6d39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a03975beb9f6af0d8ac051e30b2abeabe618414f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a315e022a72d95ef5f1d4e58e903cb492b0ad931","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43094","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:22.790","lastModified":"2026-05-19T20:38:59.263","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: add missing negotiate_features op to Hyper-V ops table\n\nCommit a7075f501bd3 (\"ixgbevf: fix mailbox API compatibility by\nnegotiating supported features\") added the .negotiate_features callback\nto ixgbe_mac_operations and populated it in ixgbevf_mac_ops, but forgot\nto add it to ixgbevf_hv_mac_ops. 
This leaves the function pointer NULL\non Hyper-V VMs.\n\nDuring probe, ixgbevf_negotiate_api() calls ixgbevf_set_features(),\nwhich unconditionally dereferences hw->mac.ops.negotiate_features().\nOn Hyper-V this results in a NULL pointer dereference:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n  [...]\n  Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine [...]\n  Workqueue: events work_for_cpu_fn\n  RIP: 0010:0x0\n  [...]\n  Call Trace:\n   ixgbevf_negotiate_api+0x66/0x160 [ixgbevf]\n   ixgbevf_sw_init+0xe4/0x1f0 [ixgbevf]\n   ixgbevf_probe+0x20f/0x4a0 [ixgbevf]\n   local_pci_probe+0x50/0xa0\n   work_for_cpu_fn+0x1a/0x30\n   [...]\n\nAdd ixgbevf_hv_negotiate_features_vf() that returns -EOPNOTSUPP and\nwire it into ixgbevf_hv_mac_ops. The caller already handles -EOPNOTSUPP\ngracefully."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.158","versionEndExcluding":"6.2","matchCriteriaId":"269CADBB-7B11-43CF-9BF8-954B5BBE3FC9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.114","versionEndExcluding":"6.6.136","matchCriteriaId":"3B4693AB-5652-430E-AA6D-D6005BC338E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.55","versionEndExclud
ing":"6.12.83","matchCriteriaId":"BC685D6B-EAAE-4AB3-B934-49C67FD3333D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.5","versionEndExcluding":"6.18","matchCriteriaId":"27929282-2519-484B-B04C-5B62B31FBC5E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.1","versionEndExcluding":"6.18.24","matchCriteriaId":"A96857B3-E61E-41C6-AEFD-BCF93E7D64AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*","matchCriteriaId":"DCE57113-2223-4308-A0F2-5E6ECFBB3C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc2:*:*:*:*:*:*","matchCriteriaId":"A8A65C5A-918F-4E0B-8E98-08A29FFBA58A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc3:*:*:*:*:*:*","matchCriteriaId":"26CA425A-E44F-49D2-92D9-1DDD56398440"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc4:*:*:*:*:*:*","matchCriteriaId":"BEEBB43A-4C9F-46BE-AA6D-9DBFD2244E55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc5:*:*:*:*:*:*","matchCriteriaId":"2545FB83-C4A6-4F62-9ED1-09F75D2E3C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc6:*:*:*:*:*:*","matchCriteriaId":"E955EC5D-4684-4B5D-AE4D-F2BF9ADDBA1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*","matchCriteriaId":"38C4D89F-9A13-4D29-8645-C9785C142C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:
*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1455ff8809843e6e83f1f5b5c0bcc2224c99a3cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2270ebab53128fb73c4a70a292be09094074737f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4821d563cd7f251ae728be1a6d04af82a294a5b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4db7b61ec1d1b2b67c0881b62fc4f9583bc21484","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d8a747057a17ffc79e31df1abb11d05e1669d8e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43095","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:22.913","lastModified":"2026-05-19T20:20:42.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SDCA: Fix errors in IRQ cleanup\n\nIRQs are enabled through sdca_irq_populate() from component probe\nusing devm_request_threaded_irq(), this however means the IRQs can\npersist if the sound card is torn down. 
Some of the IRQ handlers\nstore references to the card and the kcontrols which can then\nfail. Some detail of the crash was explained in [1].\n\nGenerally it is not advised to use devm outside of bus probe, so\nthe code is updated to not use devm. The IRQ requests are not moved\nto bus probe time as it makes passing the snd_soc_component into\nthe IRQs very awkward and would the require a second step once the\ncomponent is available, so it is simpler to just register the IRQs\nat this point, even though that necessitates some manual cleanup."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.1","versionEndExcluding":"6.19.14","matchCriteriaId":"22CB17E9-BDA0-4794-A588-7A955EDB9A83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*","matchCriteriaId":"7CC8B11D-82DC-4958-8DC7-BF5CC829A5E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kern
el:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4e53116437e919c4b9a9d95fb73ae14fe0cfc8f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b022da127bd9d2217e8f285e643caf5aff6f7f14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43096","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.027","lastModified":"2026-05-19T20:20:13.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmshv: Fix infinite fault loop on permission-denied GPA intercepts\n\nPrevent infinite fault loops when guests access memory regions without\nproper permissions. Currently, mshv_handle_gpa_intercept() attempts to\nremap pages for all faults on movable memory regions, regardless of\nwhether the access type is permitted. When a guest writes to a read-only\nregion, the remap succeeds but the region remains read-only, causing\nimmediate re-fault and spinning the vCPU indefinitely.\n\nValidate intercept access type against region permissions before\nattempting remaps. 
Reject writes to non-writable regions and executes to\nnon-executable regions early, returning false to let the VMM handle the\nintercept appropriately.\n\nThis also closes a potential DoS vector where malicious guests could\nintentionally trigger these fault loops to consume host resources."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:l
inux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02226839079ccc558820a3b25c4c46812927b4ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/16cbec24897624051b324aa3a85859c38ca65fde","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-42278","sourceIdentifier":"security-advisories@github.com","published":"2026-05-08T05:16:10.900","lastModified":"2026-05-19T18:19:44.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a \"Pocket\" (a derived sub-address documented in the protocol as a way to organize funds), the engine fails to resolve the pocket's parent account before checking the spending policy. Because pockets are \"virtual\" addresses that exist only as entries in the pocket_to_parent map and do not have their own SmartAccountConfig entries, the check_spending_policy method defaults to an \"authorized/no policy\" result. This allow any user (or attacker in possession of a parent key) to instantly drain every pocket on an account, even if the parent account has a strict 24-hour vault delay or a 1 UDAG daily limit. 
This issue has been patched via commit fb6ef59."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/UltraDAGcom/core/commit/fb6ef59d6c1385400e7acea7ae31fc6a473c3051","source":"security-advisories@github.com"},{"url":"https://github.com/UltraDAGcom/core/security/advisories/GHSA-9chc-gjfr-6hrq","source":"security-advisories@github.com"},{"url":"https://github.co
m/UltraDAGcom/core/security/advisories/GHSA-9chc-gjfr-6hrq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-43379","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:49.100","lastModified":"2026-05-19T19:56:32.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()\n\nopinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being\naccessed after rcu_read_unlock() has been called. This creates a\nrace condition where the memory could be freed by a concurrent\nwriter between the unlock and the subsequent pointer dereferences\n(opinfo->is_lease, etc.), leading to a use-after-free."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.32","versionEndExcluding":"6.6.130","matchCriteriaId":"D1E711D7-AEFA-4401-A4BA-765B56DBA77E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.78","matchCriteriaId":"D1D90B78-24E3-418D-A238-3FE23C32239B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcludi
ng":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/960699317d39f46611f4ebeb69edc567c1f4e6b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b3568347c51c46e2cabc356bc34676df98296619","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf4d66d72e4a9e268c1012c331ce9eaedb5e2086","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbbd328cf58261ca239756fe1c0d10c9518d3399","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eac3361e3d5dd8067b3258c69615888eb45e9f25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-42346","sourceIdentifier":"security-advisories@github.com","published":"2026-05-08T23:16:37.903","lastModified":"2026-05-19T18:19:44.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Postiz is an AI social media scheduling tool. 
From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulnerability: isSafePublicHttpsUrl() resolves DNS to validate the target IP, but subsequent fetch() calls resolve DNS independently. An attacker controlling a DNS server can exploit this gap via DNS rebinding to redirect requests to internal network addresses. This issue has been patched in version 2.21.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/gitroomhq/postiz-app/commit/071143dcb01cdeb9d5d7019892f4c6ff7b19dbeb","source":"security-advisories@github.com"},{"url":"https://github.com/gitroomhq/postiz-app/releases/tag/v2.21.7","source":"security-advisories@github.com"},{"url":"https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-f7jj-p389-4w45","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-8212","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T23:16:33.113","lastModified":"2026-05-19T20:01:14.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. 
Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","ava
ilabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12.4","matchCriteriaId":"42C34F23-189A-408C-B8DF-A7CD215EDB9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:*","matchCriteriaId":"CBBA367E-AC85-4772-9522-12C10B9794EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:gdal:3.13.0:beta2:*:*:*:*:*:*","matchCriteriaId":"A2E18623-F659-4CD5-8252-3F79C065A8CA"}]}]}],"references":[{"url":"https://github.com/OSGeo/gdal/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://gi
thub.com/OSGeo/gdal/issues/14398","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Mitigation","Patch"]},{"url":"https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1","source":"cna@vuldb.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/808127","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362429","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362429/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8213","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T23:16:33.290","lastModified":"2026-05-19T19:58:24.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. 
It is suggested to upgrade the affected component."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primar
y","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12.4","matchCriteriaId":"42C34F23-189A-408C-B8DF-A7CD215EDB9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:*","matchCriteriaId":"CBBA367E-AC85-4772-9522-12C10B9794EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:gdal:3.13.0:beta2:*:*:*:*:*:*","matchCriteriaId":"A2E18623-F659-4CD5-8252-3F79C065A8CA"}]}]}],"references":[{"url":"https://github.com/OSGeo/gdal/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://github.com/OSGeo/gdal/issues/14399","source":"cna@vuldb.com","tags":["Issue 
Tracking","Mitigation","Exploit","Patch"]},{"url":"https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1","source":"cna@vuldb.com","tags":["Release Notes","Patch"]},{"url":"https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/808128","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362430","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362430/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-42883","sourceIdentifier":"security-advisories@github.com","published":"2026-05-11T20:25:44.593","lastModified":"2026-05-19T18:19:44.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining them to that library. An authenticated user with download permission and access to any one library can exfiltrate the full file contents of items belonging to any other library, including libraries they are explicitly denied access to. 
This vulnerability is fixed in 2.32.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-6rvg-w3f5-9gq5","source":"security-advisories@github.com"},{"url":"https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-6rvg-w3f5-9gq5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-0541","sourceIdentifier":"product-security@axis.com","published":"2026-05-12T07:16:09.200","lastModified":"2026-05-19T15:40:24.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. 
This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application."}],"metrics":{"cvssMetricV31":[{"source":"product-security@axis.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"product-security@axis.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.9.32","matchCriteriaId":"018CD5A3-827B-49D3-BCB6-FEA7E4272F08"}]}]}],"references":[{"url":"https://www.axis.com/dam/public/fa/50/c7/cve-2026-0541pdf-en-US-530730.pdf","source":"product-security@axis.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0802","sourceIdentifier":"product-security@axis.com","published":"2026-05-12T07:16:09.460","lastModified":"2026-05-19T16:05:03.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An ACAP configuration file lacked sufficient input validation, which could allow command injection 
and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application."}],"metrics":{"cvssMetricV31":[{"source":"product-security@axis.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"product-security@axis.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.9.33","matchCriteriaId":"919811B0-A474-4DD9-8465-633253A6E9F6"}]}]}],"references":[{"url":"https://www.axis.com/dam/public/67/b8/75/cve-2026-0802pdf-en-US-530731.pdf","source":"product-security@axis.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0804","sourceIdentifier":"product-security@axis.com","published":"2026-05-12T07:16:09.597","lastModified":"2026-05-19T16:06:01.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An ACAP configuration file lacked sufficient input 
validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application."}],"metrics":{"cvssMetricV31":[{"source":"product-security@axis.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"product-security@axis.com","type":"Secondary","description":[{"lang":"en","value":"CWE-35"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.10.4","matchCriteriaId":"95D7438C-ED4D-432E-B1EE-36424B3B1DB3"}]}]}],"references":[{"url":"https://www.axis.com/dam/public/51/64/ea/cve-2026-0804pdf-en-US-530732.pdf","source":"product-security@axis.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1185","sourceIdentifier":"product-security@axis.com","published":"2026-05-12T07:16:09.720","lastModified":"2026-05-19T16:07:33.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A 
configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH."}],"metrics":{"cvssMetricV31":[{"source":"product-security@axis.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"product-security@axis.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.10.37","matchCriteriaId":"3CD3401A-1B20-4192-9B1D-90FDC768689E"}]}]}],"references":[{"url":"https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf","source":"product-security@axis.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8388","sourceIdentifier":"security@mozilla.org","published":"2026-05-12T14:17:11.813","lastModified":"2026-05-19T18:16:31.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect boundary conditions in the JavaScript Engine: JIT 
component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.3","matchCriteriaId":"B13F359A-1C15-48B4-8319-AD42CC852E8C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2036978","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-45/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org"}]}},{"cve":{"id":"CVE-2026-8391","sourceIdentifier":"security@mozilla.org","published":"2026-05-12T14:17:12.173","lastModified":"2026-05-19T18:16:31.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Other issue in the JavaScript Engine component. 
This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.3","matchCriteriaId":"B13F359A-1C15-48B4-8319-AD42CC852E8C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038575","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-45/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org"}]}},{"cve":{"id":"CVE-2026-8368","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-12T15:16:19.690","lastModified":"2026-05-19T18:16:30.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.\n\nOn a 3xx response, the redirect 
handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes.\n\nA redirect to an attacker controlled host therefore discloses the caller's credentials to that host."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/libwww-perl/libwww-perl/commit/9c4aeb6f2dd32f2b7eaf2d7827cade31ea6cb2c6.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/libwww-perl/libwww-perl/pull/284","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/libwww-perl/libwww-perl/pull/512","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/OALDERS/libwww-perl-6.83/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/12/7","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-8401","sourceIdentifier":"security@mozilla.org","published":"2026-05-12T15:16:20.100","lastModified":"2026-05-19T18:16:31.523","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sandbox escape in the Profile Backup component. 
This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.3","matchCriteriaId":"B13F359A-1C15-48B4-8319-AD42CC852E8C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038679","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-45/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org"}]}},{"cve":{"id":"CVE-2026-31226","sourceIdentifier":"cve@mitre.org","published":"2026-05-12T16:16:14.530","lastModified":"2026-05-19T18:14:16.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. 
The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without proper input sanitization or escaping. User-controlled input (such as file paths) is directly interpolated into shell command strings using f-strings within the _copy() function. An attacker can inject arbitrary OS commands by supplying a specially crafted path parameter through the Hydra configuration framework. This leads to remote code execution with the privileges of the user running the TinyZero training process."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/Jiayi-Pan/TinyZero","source":"cve@mitre.org"},{"url":"https://www.notion.so/CVE-2026-31226-35d1e139318881d19af5d63095c74579","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-35436","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:13.903","lastModified":"2026-05-19T18:05:31.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-1220"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35436","source":"secure
@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35440","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:14.287","lastModified":"2026-05-19T18:05:26.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35440","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40358","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:14.543","lastModified":"2026-05-19T18:05:23.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office allows an unauthorized attacker to execute code 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40359","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:14.673","lastModified":"2026-05-19T18:05:21.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*
:x64:*","matchCriteriaId":"CD88F667-6773-4DB7-B6C3-9C7B769C0808"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","matchCriteriaId":"B342EF98-B414-44D0-BAFB-FCA24294EECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0.10417.20128","matchCriteriaId":"3E735B7A-DAEB-4275-8B77-4CD6CD946DB7"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40359","source":"secure@microsoft.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-40360","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:14.817","lastModified":"2026-05-19T18:05:18.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*","matchCriteriaId":"CD88F667-6773-4DB7-B6C3-9C7B769C0808"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","matchCriteriaId":"B342EF98-B414-44D0-BAFB-FCA24294EECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D
9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0.10417.20128","matchCriteriaId":"3E735B7A-DAEB-4275-8B77-4CD6CD946DB7"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40361","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:14.950","lastModified":"2026-05-19T18:05:16.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","
matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40362","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:15.077","lastModified":"2026-05-19T18:05:13.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*
:*:*:*:*:x64:*","matchCriteriaId":"CD88F667-6773-4DB7-B6C3-9C7B769C0808"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","matchCriteriaId":"B342EF98-B414-44D0-BAFB-FCA24294EECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0.10417.20128","matchCriteriaId":"3E735B7A-DAEB-4275-8B77-4CD6CD946DB7"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40362","source":"secure@microsoft.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-40363","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:15.217","lastModified":"2026-05-19T18:05:10.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:*:*:*:*:*:android:*:*","versionEndExcluding":"16.0.19822.20190","matchCriteriaId":"D6226193-F09C-4C63-8020-E13666AED43D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-935
0-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40364","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:15.350","lastModified":"2026-05-19T18:05:08.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-843"},{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:micr
osoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40366","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:15.610","lastModified":"2026-05-19T18:05:05.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office Word allows an unauthorized attacker to execute code 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","
matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40366","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40374","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:16.347","lastModified":"2026-05-19T18:04:59.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a 
network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:*","versionEndExcluding":"2.67","matchCriteriaId":"4238565A-8114-4C12-BF12-3A064E1C5029"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40374","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40418","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:19.940","lastModified":"2026-05-19T18:04:57.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40418","source":"secur
e@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40419","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:20.070","lastModified":"2026-05-19T18:04:54.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_chann
el:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40420","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:20.190","lastModified":"2026-05-19T18:04:51.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe
:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40420","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40421","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:20.320","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a 
network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:*:x64:*","matchCriteriaId":"19F65776-446D-404C-A830-990D4232791A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:*:x86:*","matchCriteriaId":"017875F7-5396-4069-9F9F-0BDA05143A25"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*","matchCriteriaId":"75F7306B-D1DA-48C2-AF87-4480E161D794"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*","matchCriteriaId":"BA9BCD55-F71E-4920-B906-A1386843776A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,
"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40421","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42045","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T18:17:23.637","lastModified":"2026-05-19T18:19:44.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the default method, HTMLRenderer, for HTML rendering. If an attacker can induce the LLM to output content containing malicious tags, an XSS vulnerability can be created on the client side. Additionally, Lobechat's Electron main process exposes an IPC interface called runCommand, used to invoke system commands. This interface allows arbitrary command execution and does not filter the command parameter. Therefore, if an attacker can obtain a handle to window.parent.electronAPI via XSS and call the runCommand method of the IPC, the ipcMain process can execute arbitrary system commands with the current user's privileges. 
This vulnerability is fixed in 2.1.48."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq","source":"security-advisories@github.com"},{"url":"https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42831","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:25.673","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:*:*:*:*:*:android:*:*","versionEndExcluding":"16.0.19822.20190","matchCriteriaId":"D6226193-F09C-4C63-8020-E13666AED43D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*","matchCriteriaId":"873BD998-9D5A-4C09-A3B3-4DB12ABB6F72"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42832","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:25.800","lastModified":"2026-05-19T18:38:59.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*","versionEndExcluding":"16.0.19822.20190","matchCriteriaId":"CDB078AF-7792-4833-8901-3DE793C08843"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*","matchCriteriaId":"873BD998-9D5A-4C09-A3B3-4DB12ABB6F72"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*","versionEndExcluding":"16.0.19822.20190","matchCriteriaId":"8299056B-8884-4A3E-B91F-3E69AB135AF8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42832","source":"secure@microsoft.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-44166","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T18:17:29.123","lastModified":"2026-05-19T16:20:40.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. \"A\". When the victim gets invited or decides to sign up to your app on their own with provider \"B\" (PocketBase OAuth2 auth requires to be with a different provider because we don't allow multiple OAuth2 accounts from the same provider to be associated to a single PocketBase user), the user created previously by the attacker will be autolinked, upgraded to \"verified\" and its old password reset. This vulnerability is fixed in 0.22.42 and 0.37.4."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pocketbase:pocketbase:*:*:*:*:*:go:*:*","versionEndExcluding":"0.22.42","matchCriteriaId":"82C3D53E-1FEE-4477-985C-9392048F2F33"},{"vulnerable":true,"criteria":"cpe:2.3:a:pocketbase:pocketbase:*:*:*:*:*:go:*:*","versionStartIncluding":"0.23.0","versionEndExcluding":"0.37.4","matchCriteriaId":"4D5B2E3F-7B3E-4F34-ACFF-42FCC50A2363"}]}]}],"references":[{"url":"https://github.com/pocketbase/pocketbase/security/advisories/GHSA-pq7p-mc74-g65w","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44343","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T18:17:30.483","lastModified":"2026-05-19T16:21:34.040","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WGDashboard is a dashboard for WireGuard VPN. 
Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":
"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wgdashboard:wgdashboard:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3.2","matchCriteriaId":"F96F9F34-111E-4146-B5F2-E013D1D397B3"}]}]}],"references":[{"url":"https://github.com/WGDashboard/WGDashboard/commit/b15bbce9bc5554ec379d558f032c730db47fcea2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WGDashboard/WGDashboard/security/advisories/GHSA-rrf5-q4fp-qvgm","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42338","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T20:16:41.130","lastModified":"2026-05-19T20:04:05.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. 
This vulnerability is fixed in 10.1.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":
"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:beaugunderson:ip-address:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"2A574108-EE16-449B-8729-B727C061036B"}]}]}],"references":[{"url":"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44246","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T21:16:16.543","lastModified":"2026-05-19T20:10:38.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. 
This vulnerability is fixed in 2.4.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dkfz:nnu-net:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.1","matchCriteriaId":"13B07C8B-909B-41F8-913E-B0335C722A90"}]}]}],"references":[{"url":"https://github.com/MIC-DKFZ/nnUNet/security/advisories/GHSA-63mx-j37w-gh59","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/MIC-DKFZ/nnUNet/security/advisories/GHSA-63mx-j37w-gh59","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42844","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T22:16:34.793","lastModified":"2026-05-19T21:00:50.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full administrative compromise of the Grav API. 
This vulnerability is fixed in API 1.0.0-beta.17."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:2.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"23F8F687-3238-4CC0-AAC0-8D73DD13EB57"}]}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-6xx2-m8wv-756h","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-6xx2-m8wv-756h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42290","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T16:16:47.160","lastModified":"2026-05-19T20:56:15.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments. 
This vulnerability is fixed in 1.2.1 and 2.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.2.1","matchCriteriaId":"D729851A-7B65-4068-98B3-9EDC804701F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.2","matchCriteriaId":"B96D73DB-BEF0-421A-926F-1D0F5A62CA25"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-f84p-cvgm-xgjj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44288","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T16:16:55.587","lastModified":"2026-05-19T20:46:53.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf 
definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf binary data decoded through the affected UTF-8 path may be able to bypass application-level checks that inspect raw bytes before protobuf string decoding. For example, bytes that do not contain certain ASCII characters could decode to strings containing those characters. This vulnerability is fixed in 7.5.6 and 8.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-176"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.6","matchCriteriaId":"BC190A12-59A1-4DEF-A65D-E4216ED5B807"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.2","matchCriteriaId":"734292AA-F3B2-4E3E-9FA2-0EBA7AB0BB45"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-q6x5-8v7m-xcrf","source":"security-advisories@github.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-44295","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T16:16:56.507","lastModified":"2026-05-19T20:37:36.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without sufficient sanitization. This vulnerability is fixed in 1.2.1 and 2.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.2.1","matchCriteriaId":"D729851A-7B65-4068-98B3-9EDC804701F8"},{"vulnerable":true,
"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.2","matchCriteriaId":"B96D73DB-BEF0-421A-926F-1D0F5A62CA25"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-6r35-46g8-jcw9","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42304","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:46.933","lastModified":"2026-05-19T16:47:32.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. 
This vulnerability is fixed in 26.4.0rc2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4.0","matchCriteriaId":"CD1B0989-189E-4EDA-AE20-1899AC64A020"},{"vulnerable":true,"criteria":"cpe:2.3:a:twisted:twisted:26.4.0:rc1:*:*:*:*:*:*","matchCriteriaId":"2B480C5D-4E35-4F9F-95F8-00F906919315"}]}]}],"references":[{"url":"https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8295","sourceIdentifier":"cvd@cert.pl","published":"2026-05-14T11:16:18.770","lastModified":"2026-05-19T15:17:37.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in \"string_builder::escape_and_append()\" when processing very large input strings on platforms with limited \"size_t\" width (e.g., 32-bit builds). 
The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output.\nThis vulnerability has been fixed in 4.6.4 release"}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://cert.pl/posts/2026/05/CVE-2026-8295","source":"cvd@cert.pl"},{"url":"https://github.com/simdjson/simdjson/releases/tag/v4.6.4","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-24710","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T15:16:44.710","lastModified":"2026-05-19T16:45:10.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"3.21.8","matchCriteriaId":"A4488D9B-4904-4337-988D-47F0507231F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"3.24.0","versionEndExcluding":"3.24.3","matchCriteriaId":"55A89CE8-9A3E-4E8C-B738-870F6DF4848B"},{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:3.26.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"F57CD19F-8227-4A79-B7DF-3C8D827324BB"}]}]}],"references":[{"url":"https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/","source":"cve@mitre.org","tags":["Mitigation","Vendor 
Advisory"]},{"url":"https://northern.tech","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-24711","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T15:16:44.860","lastModified":"2026-05-19T16:44:42.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"3.21.8","matchCriteriaId":"A4488D9B-4904-4337-988D-47F0507231F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"3.24.0","versionEndExcluding":"3.24.3","matchCriteriaId":"55A89CE8-9A3E-4E8C-B738-870F6DF4848B"},{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:3.26.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"F57CD19F-8227-4A79-B7DF-3C8D827324BB"}]}]}],"references":[{"url":"https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/","source":"cve@mitre.org","tags":["Mitigation","Vendor 
Advisory"]},{"url":"https://northern.tech","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-24712","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T15:16:44.977","lastModified":"2026-05-19T16:43:26.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"3.21.8","matchCriteriaId":"A4488D9B-4904-4337-988D-47F0507231F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"3.24.0","versionEndExcluding":"3.24.3","matchCriteriaId":"55A89CE8-9A3E-4E8C-B738-870F6DF4848B"},{"vulnerable":true,"criteria":"cpe:2.3:a:northern.tech:cfengine:3.26.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"F57CD19F-8227-4A79-B7DF-3C8D827324BB"}]}]}],"references":[{"url":"https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/","source":"cve@mitre.org","tags":["Mitigation","Vendor 
Advisory"]},{"url":"https://northern.tech","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-46469","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T18:16:50.653","lastModified":"2026-05-19T15:15:50.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freedesktop:gst-plugins-good:*:*:*:*:*:gstreamer:*:*","versionEndExcluding":"1.28.2","matchCriteriaId":"05871681-905F-4145-A3FC-EABC633C66D0"}]}]}],"references":[{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch","source":"cve@mitre.org","tags":["Patch"]},{"url"
:"https://gstreamer.freedesktop.org/security/sa-2026-0018.html","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46470","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T18:16:50.790","lastModified":"2026-05-19T16:34:36.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freedesktop:gst-plugins-good:*:*:*:*:*:*:*:*","versionEndExcluding":"1.28.2","matchCriteriaId":"2F50A677-26FD-4F35-96C1-C76754E2280C"}]}]}],"references":[{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch","source":"cve@mitre.org
","tags":["Patch"]},{"url":"https://gstreamer.freedesktop.org/security/sa-2026-0018.html","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8510","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:11.577","lastModified":"2026-05-19T17:29:43.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/502636904","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8513","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:11.957","lastModified":"2026-05-19T17:24:45.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/495939973","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8517","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:12.453","lastModified":"2026-05-19T17:24:04.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-664"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497531263","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8519","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:12.663","lastModified":"2026-05-19T17:23:48.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498400132","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8522","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:12.973","lastModified":"2026-05-19T17:23:29.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/504185107","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8525","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:13.290","lastModified":"2026-05-19T17:22:59.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497928952","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8530","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:13.827","lastModified":"2026-05-19T16:27:19.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/491930142","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8531","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:13.930","lastModified":"2026-05-19T16:27:03.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/492350403","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8534","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:14.240","lastModified":"2026-05-19T16:26:51.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/495314407","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8535","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:14.350","lastModified":"2026-05-19T16:26:36.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor 
Advisory"]},{"url":"https://issues.chromium.org/issues/495530312","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8536","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:14.457","lastModified":"2026-05-19T16:26:23.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor 
Advisory"]},{"url":"https://issues.chromium.org/issues/495857582","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8539","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:14.760","lastModified":"2026-05-19T16:18:32.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496524586","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8541","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:14.970","lastModified":"2026-05-19T14:47:47.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor
 Advisory"]},{"url":"https://issues.chromium.org/issues/496645393","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8542","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.070","lastModified":"2026-05-19T16:32:50.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497066659","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8543","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.173","lastModified":"2026-05-19T16:33:09.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497095799","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8544","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.270","lastModified":"2026-05-19T14:53:57.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor 
Advisory"]},{"url":"https://issues.chromium.org/issues/497151750","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8545","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.377","lastModified":"2026-05-19T14:53:42.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleas
es.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497486030","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8546","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.500","lastModified":"2026-05-19T16:33:18.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://c
hromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497531791","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8547","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.607","lastModified":"2026-05-19T16:33:29.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Prod
uct","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497632199","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8548","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.700","lastModified":"2026-05-19T17:02:58.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497821764","source":"chrome-cve-admin@google.com","tags":["Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-8549","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.807","lastModified":"2026-05-19T16:58:07.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497985088","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8550","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:15.917","lastModified":"2026-05-19T16:51:10.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain 
potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498322453","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8552","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:16.300","lastModified":"2026-05-19T14:27:34.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer 
overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498706958","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8554","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:16.817","lastModified":"2026-05-19T14:27:22.310","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML 
page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/499131214","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8555","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:17.000","lastModified":"2026-05-19T14:26:38.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/500033878","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8556","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:17.250","lastModified":"2026-05-19T14:26:47.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/500052361","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8559","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:17.977","lastModified":"2026-05-19T14:26:54.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/504629701","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8560","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:18.083","lastModified":"2026-05-19T14:27:07.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"},{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Product","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/328109821","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8566","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:18.787","lastModified":"2026-05-19T17:29:18.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/470646792","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8567","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:18.900","lastModified":"2026-05-19T19:28:06.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/484986863","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8568","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.017","lastModified":"2026-05-19T15:18:10.043","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/488728570","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8570","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.260","lastModified":"2026-05-19T15:18:15.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/490353576","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8571","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.383","lastModified":"2026-05-19T17:28:44.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/491422244","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8572","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.493","lastModified":"2026-05-19T17:28:24.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/495405493","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8573","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.610","lastModified":"2026-05-19T19:27:47.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/495417883","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8574","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.727","lastModified":"2026-05-19T19:27:28.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/495902113","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8575","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.863","lastModified":"2026-05-19T15:18:23.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496217775","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8577","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.063","lastModified":"2026-05-19T15:18:29.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496302307","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8579","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.267","lastModified":"2026-05-19T15:18:36.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496526419","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8580","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.367","lastModified":"2026-05-19T15:18:41.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496639647","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8582","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.600","lastModified":"2026-05-19T14:30:23.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-664"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497594413","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8583","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.703","lastModified":"2026-05-19T17:27:54.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://issues.chromium.org/issues/497975477","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8584","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.797","lastModified":"2026-05-19T16:29:11.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:148.0.7778.168:*:*:*:*:*:*:*","matchCriteriaId":"840FCBEB-83E5-4538-B8CE-231DD7582168"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498892595","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8585","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.900","lastModified":"2026-05-19T16:30:24.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. 
(Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/499052720","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-7373","sourceIdentifier":"cve@rapid7.com","published":"2026-05-15T03:16:23.270","lastModified":"2026-05-19T23:16:58.587","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a static location. 
This static location would be writable by a pre-existing \"vagrant\" user, if they already existed on the system. Metasploit does not create local accounts, an Administrator would need to create it. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits the unprivileged vagrant user to bypass security controls and achieve a full host compromise under the agent's SYSTEM level access."}],"metrics":{"cvssMetricV40":[{"source":"cve@rapid7.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve@rapid7.com","ty
pe":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-427"},{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://docs.rapid7.com/insight/release-notes-5.0.0-2026051301/#:~:text=Pro%3A%20We%20fixed,vulnerability%20to%20Rapid7.","source":"cve@rapid7.com"}]}},{"cve":{"id":"CVE-2026-44088","sourceIdentifier":"cvd@cert.pl","published":"2026-05-15T09:16:16.307","lastModified":"2026-05-19T15:17:37.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.\n\n\nThis issue was fixed in version 1.2.1."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","m
odifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://cert.pl/posts/2026/05/CVE-2026-44088","source":"cvd@cert.pl"},{"url":"https://www.elektronicznypodpis.pl/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41552","sourceIdentifier":"cvd@cert.pl","published":"2026-05-15T13:16:18.990","lastModified":"2026-05-19T16:49:51.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include\n local files from the server and display them in the generated PDF.  
\n\nThis issue was fixed in PDF Export Module version 0.7.6."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source
":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dhtmlx:pdf_export_module:*:*:*:*:*:*:*:*","versionStartIncluding":"0.3.3","versionEndExcluding":"0.7.6","matchCriteriaId":"7AB18C01-5B0B-4BBB-95F5-01637BE81188"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-7182","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://docs.dhtmlx.com/gantt/guides/pdf-export-module-whatsnew/#076:~:text=Fixed%20Remote%20Code%20Execution%20and%20File%20Read%20vulnerabilities","source":"cvd@cert.pl","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-45736","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T15:16:54.103","lastModified":"2026-05-19T14:39:20.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. 
This vulnerability is fixed in 8.20.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ws_project:ws:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.20.1","matchCriteriaId":"110AA5C6-9CD2-4431-BB18-B048FEBD7141"}]}]}],"references":[{"url":"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-45772","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T16:16:14.987","lastModified":"2026-05-19T14:41:16.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package manager detection executed yarn --version from the project directory, which could cause Yarn to load and execute a project-controlled yarnPath from .yarnrc.yml. An attacker who controls repository contents could cause code execution when a user or CI system runs affected turbo, @turbo/codemod, or @turbo/workspace conversion commands. This vulnerability is fixed in 2.9.14."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnInteg
rityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:turborepo:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"2.9.14","matchCriteriaId":"DF294351-4488-43A9-B86D-5A5A1F922A2B"}]}]}],"references":[{"url":"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45773","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T16:16:15.137","lastModified":"2026-05-19T14:41:42.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. 
While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the legitimate callback, the CLI could complete login with the wrong credentials. This affects users authenticating the turbo CLI against self-hosted remote cache/auth endpoints. Vercel-hosted login flows using device authorization are not affected. This vulnerability is fixed in 2.9.14."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","t
ype":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:turborepo:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.9.14","matchCriteriaId":"CE675260-6237-4F25-9D46-0CE006AC0DC2"}]}]}],"references":[{"url":"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46508","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T16:16:15.420","lastModified":"2026-05-19T15:12:37.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and task runs. A malicious workspace could provide crafted values through workspace settings or task names in the repository's source code that were interpolated into shell commands. When the extension activated or when a user ran a task through the extension, those values could be interpreted by the user's shell, allowing arbitrary command execution with the privileges of the local VS Code process. 
This vulnerability is fixed in 2.9.14000."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":
"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:turborepo_language_server_protocol:*:*:*:*:*:visual_studio_code:*:*","versionEndExcluding":"2.9.14000","matchCriteriaId":"0279D005-0FF5-4A32-8546-974CAA5C7328"}]}]}],"references":[{"url":"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45035","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T17:16:48.350","lastModified":"2026-05-19T19:41:53.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or sandboxing. An attacker can craft a malicious link (tabby://run?command=...) and deliver it via a website, email, chat message, or any other medium. When a victim clicks the link, the OS launches Tabby which immediately spawns the specified command as a child process with the user's full privileges. This is a zero-click-after-link-visit RCE vulnerability. 
This vulnerability is fixed in 1.0.233."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"s
ource":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tabby:tabby:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.233","matchCriteriaId":"E98FEEBA-7742-4164-960E-EAE0E1004A75"}]}]}],"references":[{"url":"https://github.com/Eugeny/tabby/security/advisories/GHSA-hf8h-rjrf-3jg6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/Eugeny/tabby/security/advisories/GHSA-hf8h-rjrf-3jg6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45037","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T17:16:48.623","lastModified":"2026-05-19T19:27:58.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine. 
This vulnerability is fixed in 1.0.232."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tabby:tabby:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.232","matchCriteriaId":"8E01F60F-44F5-4C19-9960-8349CEA0E1E5"}]}]}],"references":[{"url":"https://github.com/Eugeny/tabby/security/advisories/GHSA-cmpc-v2x9-j9x9","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-8686","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-05-15T19:17:05.057","lastModified":"2026-05-19T14:01:40.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet.\n\n\n\nTo remediate this issue, users should upgrade to 
v5.0.1."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type
":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freertos:coremqtt:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63C8F015-FA45-4BAB-808F-E944652E462C"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-032-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://github.com/FreeRTOS/coreMQTT/releases/tag/v5.0.1","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Release Notes"]},{"url":"https://github.com/FreeRTOS/coreMQTT/security/advisories/GHSA-6qh9-r6jp-2wxc","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44553","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T20:16:46.707","lastModified":"2026-05-19T14:16:44.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin privileges within their existing Socket.IO session for as long as they keep the connection alive (via automatic heartbeats). The gap is exclusive to the Socket.IO session cache. 
This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"0FB90EC3-1665-446E-AA35-4AEC207A2F3B"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-45m8-cpm2-3v65","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44558","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T20:16:47.350","lastModified":"2026-05-19T14:16:44.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or update paths. A non-admin user who can create group channels (or who owns a channel) can submit arbitrary access grants — including public wildcard grants — and those grants are stored verbatim, bypassing the admin's permission framework. 
This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"0FB90EC3-1665-446E-AA35-4AEC207A2F3B"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7rjh-px4v-5w55","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7rjh-px4v-5w55","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45349","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T20:16:48.823","lastModified":"2026-05-19T14:16:45.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key (generated in OWUI) and the Chat ID of another user to continue the conversation of the other user. 
This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"0FB90EC3-1665-446E-AA35-4AEC207A2F3B"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gfm2-xm6c-37qc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gfm2-xm6c-37qc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45675","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T20:16:49.220","lastModified":"2026-05-19T14:16:46.820","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. 
The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment \"Insert with default role first to avoid TOCTOU race\", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"0FB90EC3-1665-446E-AA35-4AEC207A2F3B"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/23626","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44721","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T21:16:36.370","lastModified":"2026-05-19T14:16:45.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 
Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability allows any authenticated user with model creation permission (workspace.models) to execute arbitrary JavaScript in the browser of any other user (including admins) who views the malicious model in the chat UI. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"0FB90EC3-1665-446E-AA35-4AEC207A2F3B"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45386","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T21:16:37.043","lastModified":"2026-05-19T14:16:46.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 
Prior to 0.9.5, Pin/Unpin is a write operation (modifies the message's is_pinned, pinned_by, pinned_at fields), but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. This vulnerability is fixed in 0.9.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.5","matchCriteriaId":"19F64B41-71DA-4E31-A040-1C351A537567"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-5gc6-xhv4-2wg6","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-5gc6-xhv4-2wg6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45672","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T21:16:38.510","lastModified":"2026-05-19T16:39:01.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 
Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says \"disabled\" but code still executes. This vulnerability is fixed in 0.8.12."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.12","matchCriteriaId":"8670A01F-78D4-4183-AD4D-FF9D75991248"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-482j-2pq6-q5w4","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-482j-2pq6-q5w4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8696","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T21:16:39.360","lastModified":"2026-05-19T14:16:49.757","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute 
arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NET
WORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1.4","matchCriteriaId":"A0892CC4-EF51-4204-A759-3C6328FEBDFF"}]}]}],"references":[{"url":"https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/radareorg/radare2/issues/25836","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking"]},{"url":"https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-list","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/radareorg/radare2/issues/25836","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-44549","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:52.490","lastModified":"2026-05-19T16:38:53.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 
Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via @html causing the payload to trigger. This vulnerability is fixed in 0.8.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.0","matchCriteriaId":"D1CB836C-E6D5-4BFB-845D-004EC3CEAA31"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-44565","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:52.780","lastModified":"2026-05-19T16:38:33.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with names containing dot-segments in the file path and traverse out of the intended uploads directory. Effectively, users can upload files anywhere on the filesystem the user running the web server has permission. This vulnerability is fixed in 0.6.10."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.10","matchCriteriaId":"6F9FE07D-BB9A-4A4B-9F37-B09B61913965"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j3fw-wc48-29g3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j3fw-wc48-29g3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-44566","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:52.920","lastModified":"2026-05-19T20:12:16.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a prompt, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with names containing dot-segments in the file path and traverse out of the intended uploads directory. Effectively, users can upload files anywhere on the filesystem the user running the web server has permission. This vulnerability is fixed in 0.1.124."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:
*:*:*","versionEndExcluding":"0.1.124","matchCriteriaId":"CA2AF09D-ABFB-4C43-9B6F-87AA292B548D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-9pgh-j74g-qj6m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-9pgh-j74g-qj6m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44567","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:53.050","lastModified":"2026-05-19T16:38:15.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is set to pending. In this configuration, an administrator is required to go into the Admin management panel following a new user registration and reconfigure the user to have a role of either user or admin before that user is able to access the web application. 
This vulnerability is fixed in 0.1.124."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-602"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.1.124","matchCriteriaId":"CA2AF09D-ABFB-4C43-9B6F-87AA292B548D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4vg5-rp28-gvjf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4vg5-rp28-gvjf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-44569","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:53.187","lastModified":"2026-05-19T16:38:23.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but completely lack message ownership validation. 
While the frontend correctly implements ownership checks (showing edit/delete buttons only for message owners or admins), the backend APIs bypass these protections by only validating channel access permissions without verifying that the requesting user owns the target message. This creates a client-side security control bypass where attackers can directly call the APIs to modify other users' messages. This vulnerability is fixed in 0.6.19."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.19","matchCriteriaId":"CB111701-6A70-43BB-AC17-F93510A630BC"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45303","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:53.977","lastModified":"2026-05-19T14:16:45.687","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate 
entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an iFrame with the allow-scripts allow-forms allow-same-origin sandbox directive. This means that the content is placed in a sandbox but with permission to execute scripts and access the parent’s data (e.g., local storage). As a result, only a few functions are restricted (e.g., displaying an alert box), but in effect, the sandbox attribute is largely nullified. This vulnerability is fixed in 0.6.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.5","matchCriteriaId":"484A1225-C648-4D16-AF73-49D6858AE35F"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4vrc-m9ch-6m3r","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4vrc-m9ch-6m3r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-45315","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:54.250","lastModified":"2026-05-19T18:16:21.950","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/transcriptions/.. The /cache/{path} route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no Content-Disposition. A verified user with the default-on chat.stt permission can upload a polyglot WAV+HTML file named pwn.html and trick any other user into opening the resulting URL — the response comes back as text/html and any embedded <script> runs in the Open WebUI origin. This vulnerability is fixed in 0.9.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-434"},{"lang":"en","value":"CWE-646"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.3","matchCriteriaId":"289624DF-DC93-4E9F-9D2C-502D95BAF58A"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-m8f9-9whg-f4xr","source":"security-ad
visories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-m8f9-9whg-f4xr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45365","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T22:16:55.590","lastModified":"2026-05-19T14:16:46.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypass_filter=true and bypass model access control checks to invoke admin-restricted models. This vulnerability is fixed in 0.8.11."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.11","matchCriteriaId":"5075875A-B6AB-4CC6-BA97-9C1D7E130C20"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor 
Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8656","sourceIdentifier":"report@snyk.io","published":"2026-05-16T06:16:18.347","lastModified":"2026-05-19T15:38:48.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS."}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifi
edSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://gist.github.com/yuki-matsuhashi/72ed072d919f3c52adba298faa6a7da5","source":"report@snyk.io"},{"url":"https://github.com/benjamine/jsondiffpatch/commit/232338b34c4653148ca2f44e897a765b72c8c98f","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-16635946","source":"report@snyk.io"},{"url":"https://gist.github.com/yuki-matsuhashi/72ed072d919f3c52adba298faa6a7da5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8657","sourceIdentifier":"report@snyk.io","published":"2026-05-16T06:16:18.727","lastModified":"2026-05-19T15:38:48.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. 
An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype."}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attac
kVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://gist.github.com/yuki-matsuhashi/e570fb1579ae1f3190059b622b0473fb","source":"report@snyk.io"},{"url":"https://github.com/benjamine/jsondiffpatch/blob/96112c35a98f9201dd75d67fcee68a952c79e2fe/packages/jsondiffpatch/src/filters/nested.ts%23L107-L115","source":"report@snyk.io"},{"url":"https://github.com/benjamine/jsondiffpatch/blob/96112c35a98f9201dd75d67fcee68a952c79e2fe/packages/jsondiffpatch/src/filters/nested.ts%23L82-L87","source":"report@snyk.io"},{"url":"https://github.com/benjamine/jsondiffpatch/blob/96112c35a98f9201dd75d67fcee68a952c79e2fe/packages/jsondiffpatch/src/formatters/jsonpatch-apply.ts%23L146-L168","source":"report@snyk.io"},{"url":"https://github.com/benjamine/jsondiffpatch/blob/96112c35a98f9201dd75d67fcee68a952c79e2fe/packages/jsondiffpatch/src/formatters/jsonpatch-apply.ts%23L171-L199","source":"report@snyk.io"},{"url":"https://github.com/benjamine/jsondiffpatch/commit/381c0125efab49f6f0dbc08317d01d55717672af","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-16322990","source":"report@snyk.io"},{"url":"https://gist.github.com/yuki-matsuhashi/e570fb1579ae1f3190059b622b0473fb","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46719","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-16T14:16:37.507","lastModified":"2026-05-19T14:16:47.137","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::Statsd::Lite versions before 0.9.0 for Perl 
allowed metric injections.\n\nThe metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://github.com/robrwo/Net-Statsd-Lite/commit/e1a8ab866d75c2827982134e9cf7e51a7f771153.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.9.0/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/16/9","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-8724","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T02:16:45.127","lastModified":"2026-05-19T19:04:13.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4},{"source":"nvd@nist.gov","type
":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dataease:dataease:2.10.20:*:*:*:*:*:*:*","matchCriteriaId":"18D868D6-1009-4FC3-BD02-394B2353EB66"}]}]}],"references":[{"url":"https://github.com/xpp3901/CVE_APPLY/tree/main/V-D001_DataEase_SqlVariable_Injection","source":"cna@vuldb.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://vuldb.com/submit/804256","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364315","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364315/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/submit/804256","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party 
Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8750","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T11:16:35.423","lastModified":"2026-05-19T18:22:34.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Aut
omatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:h2o:h2o:*:*:*:*:*:*:*:*","versionEndIncluding":"7402","matchCriteriaId":"243F1AAC-368C-4C02-85BC-79B10C379
92D"}]}]}],"references":[{"url":"https://vuldb.com/submit/810105","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364377","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364377/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vulnplus-note.wetolink.com/share/wWjmsfKHRJi3","source":"cna@vuldb.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-8751","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T12:16:42.533","lastModified":"2026-05-19T17:46:04.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4
},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:h2o:h2o:*:*:*:*:*:*:*:*","versionEndIncluding":"7402","matchCriteriaId":"243F1AAC-368C-4C02-85BC-79B10C37992D"}]}]}],"references":[{"url":"https://vuldb.com/submit/810107","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364378","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364378/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vulnplus-note.wetolink.com/share/b5nsQg6EcsBS","source":"cna@vuldb.com","tags":["Broken 
Link"]}]}},{"cve":{"id":"CVE-2026-8752","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T12:16:43.330","lastModified":"2026-05-19T17:44:01.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSu
bAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:h2o:h2o:*:*:*:*:*:*:*:*","versionEndIncluding":"7402","matchCriteriaId":"243F1AAC-368C-4C02-85BC-79B10C37992D"}]}]}],"references":[{"url":"https://vuldb.com/submit/810108","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364379","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364379/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB 
Entry"]},{"url":"https://vulnplus-note.wetolink.com/share/pyVa0GWPuAZE","source":"cna@vuldb.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-8757","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T14:16:21.380","lastModified":"2026-05-19T21:26:53.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT
_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adenhq:hive:*:*:*:*:*:*:*:*","versionEndIncluding":"0.11.0","matchCriteriaId":"2944D82B-B930-4FDD-9F39-B9BF019C0A8D"}]}]}],"references":[{"url":"https
://gist.github.com/YLChen-007/ff3ff201b05d13d41f949f86e9187bd2","source":"cna@vuldb.com","tags":["Third Party Advisory"]},{"url":"https://vuldb.com/submit/811276","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364384","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364384/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8765","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T23:17:02.480","lastModified":"2026-05-19T21:21:18.060","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.
4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kilo:kilo_code:*:*:*:*:*:visual_studio_code:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.47","matchCriteriaId":"C12E0A2F-FDF6-4CAE-82CB-6E26A756CF6A"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/1770f4530b0c933dc61f15b02aa0629d","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/811401","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364390","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364390/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2026-8767","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T23:17:02.810","lastModified":"2026-05-19T14:29:31.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAva
ilabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P","baseScore":4.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.97","matchCriteriaId":"9C80CA5C-3BEC-499F-85D5-5E81491D37D6"}]}]}],"references":[{"url":
"https://gist.github.com/YLChen-007/870bd6966cd84703d91ce54dfea3bdd0","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/811402","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364392","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364392/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8768","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T23:17:02.997","lastModified":"2026-05-19T15:24:27.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4
},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.97","matchCriteriaId":"9C80CA5C-3BEC-499F-85D5-5E81491D37D6"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/07d149bd68adbee58165b4207a2abc71","source":"cna@vuldb.com","tags":["Not Applicable"]},{"url":"https://gist.github.com/YLChen-007/cf7e47e4dda392f474ca77a66d1d847f","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/811404","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811405","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364393","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364393/cti","source":"cna@vuldb.com","tags":["Permissions 
Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8769","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T23:17:03.180","lastModified":"2026-05-19T15:27:30.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"N
OT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.97","matchCriteriaId":"9C80CA5C-3BEC-499F-85D5-5E81491D37D6"}]}]}],"references":[{"url":"https://gist.github.c
om/YLChen-007/fb1096bc8428bed9a428f764d9d103bb","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/811406","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364394","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364394/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8770","sourceIdentifier":"cna@vuldb.com","published":"2026-05-18T00:16:37.343","lastModified":"2026-05-19T17:30:31.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cv
ssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:N/A:N","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:continue:continue:*:*:*:*:*:visual_studio_code:*:*","versionStartIncluding":"1.2.0","versionEndIncluding":"1.2.22","matchCriteriaId":"1DB788B1-D5B2-4876-BCE2-6144CE16F22B"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/811428","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364395","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364395/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/submit/811428","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8786","sourceIdentifier":"cna@vuldb.com","published":"2026-05-18T04:16:34.743","lastModified":"2026-05-19T14:30:36.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. 
The manipulation of the argument kbId leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"L
OW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*","versionEndIncluding":"0.3.6","matchCriteriaId":"B29C772E-3C0E-4C3E-836A-8FA73DEFDFFB"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/1cdc50418f29af7ae671466425e52c7b","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/812172","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364410","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364410/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-3495","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-18T08:16:13.900","lastModified":"2026-05-19T17:37:07.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an 
attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values. Mattermost Advisory ID: MMSA-2026-00622"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.14","matchCriteriaId":"413D9405-79C3-4299-B0DC-40D9EE5CC717"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.2","matchCriteriaId":"726AD6AD-6C01-45BB-9115-B8209717A6D4"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-3637","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-18T08:16:14.040","lastModified":"2026-05-19T17:34:01.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and patch endpoints. Mattermost Advisory ID: MMSA-2026-00627"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.14","matchCriteriaId":"413D9405-79C3-4299-B0DC-40D9EE5CC717"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.0","versionEndExcluding":"11.4.4","matchCriteriaId":"CF171039-837A-4D23-87EB-F328AD04976C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.2","matchCriteriaId":"726AD6AD-6C01-45BB-9115-B8209717A6D4"}]}]}],"references":[{"url":"https://mattermost.com/security-updates",
"source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4273","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-18T08:16:14.180","lastModified":"2026-05-19T17:23:36.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a crafted invite confirmation with a RefreshedToken matching the original token. Mattermost Advisory ID: MMSA-2026-00575"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.14","matc
hCriteriaId":"413D9405-79C3-4299-B0DC-40D9EE5CC717"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.2","matchCriteriaId":"726AD6AD-6C01-45BB-9115-B8209717A6D4"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6340","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-18T08:16:14.450","lastModified":"2026-05-19T17:21:26.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder declarations. Mattermost Advisory ID: MMSA-2026-00573"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description
":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.14","matchCriteriaId":"413D9405-79C3-4299-B0DC-40D9EE5CC717"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.0","versionEndExcluding":"11.4.4","matchCriteriaId":"CF171039-837A-4D23-87EB-F328AD04976C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.2","matchCriteriaId":"726AD6AD-6C01-45BB-9115-B8209717A6D4"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8788","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-18T08:16:15.320","lastModified":"2026-05-19T14:16:50.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.\n\nThe values from the set_add method were not checked for newlines, colons or pipes. 
Metrics generated from untrusted sources could inject additional statsd metrics.\n\nNote that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://metacpan.org/release/RRWO/Net-Statsd-Lite-v0.10.1/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46719","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-28732","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-18T09:16:22.570","lastModified":"2026-05-19T17:18:19.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash commands via editing their own slash command trigger to an already-registered trigger through the command update API. 
Mattermost Advisory ID: MMSA-2026-00597"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.14","matchCriteriaId":"413D9405-79C3-4299-B0DC-40D9EE5CC717"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.0","versionEndExcluding":"11.4.4","matchCriteriaId":"CF171039-837A-4D23-87EB-F328AD04976C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.2","matchCriteriaId":"726AD6AD-6C01-45BB-9115-B8209717A6D4"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6333","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-18T09:16:23.430","lastModified":"2026-05-19T17:51:43.453","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled 
server via a spoofed Host header. Mattermost Advisory ID: MMSA-2026-00582"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.14","matchCriteriaId":"413D9405-79C3-4299-B0DC-40D9EE5CC717"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.2","matchCriteriaId":"726AD6AD-6C01-45BB-9115-B8209717A6D4"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7301","sourceIdentifier":"cret@cert.org","published":"2026-05-18T12:16:16.480","lastModified":"2026-05-19T13:49:27.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SGLang's multimodal generation 
runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lmsys:sglang:0.5.10:-:*:*:*:*:*:*","matchCriteriaId":"E0022BC8-935B-474C-AD8D-B01417AC7092"}]}]}],"references":[{"url":"https://antiproof.ai/blog/three-rces-in-sglang/","source":"cret@cert.org","tags":["Permissions Required"]},{"url":"https://github.com/sgl-project/sglang/tree/main/python/sglang","source":"cret@cert.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-7302","sourceIdentifier":"cret@cert.org","published":"2026-05-18T12:16:16.600","lastModified":"2026-05-19T13:43:48.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific 
endpoints."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-35"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lmsys:sglang:0.5.10:-:*:*:*:*:*:*","matchCriteriaId":"E0022BC8-935B-474C-AD8D-B01417AC7092"}]}]}],"references":[{"url":"https://antiproof.ai/blog/three-rces-in-sglang/","source":"cret@cert.org","tags":["Permissions Required"]},{"url":"https://github.com/sgl-project/sglang/tree/main/python/sglang","source":"cret@cert.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-7304","sourceIdentifier":"cret@cert.org","published":"2026-05-18T12:16:16.713","lastModified":"2026-05-19T13:38:09.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without 
validation."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lmsys:sglang:0.5.10:-:*:*:*:*:*:*","matchCriteriaId":"E0022BC8-935B-474C-AD8D-B01417AC7092"}]}]}],"references":[{"url":"https://antiproof.ai/blog/three-rces-in-sglang/","source":"cret@cert.org","tags":["Permissions Required"]},{"url":"https://github.com/sgl-project/sglang/tree/main/python/sglang","source":"cret@cert.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-41947","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T15:16:25.827","lastModified":"2026-05-19T19:24:48.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. 
NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","ava
ilabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.1","matchCriteriaId":"A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/pull/35793","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation","Patch"]},{"url":"https://huntr.com/bounties/a43076b2-fbc8-4750-9647-89a036b52f52","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-authorization-bypass-via-trace-configuration-endpoints","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-41948","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T15:16:25.977","lastModified":"2026-05-19T19:25:04.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. 
Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC
:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.1","matchCriteriaId":"A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/pull/35796","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation","Patch"]},{"url":"https://huntr.com/bounties/35b7ad59-e35d-443f-bf77-387bfb932ec0","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-path-traversal-via-plugin-daemon-internal-api-access","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-41949","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T15:16:26.137","lastModified":"2026-05-19T19:24:21.587","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded 
document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.1","matchCriteriaId":"A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/pull/35797","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Patch","Mitigation"]},{"url":"https://huntr.com/bounties/d50a0240-7951-4939-b989-9bded66c7682","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-preview-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-36438","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T16:16:29.873","lastModified":"2026-05-19T14:16:41.783","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under 
/OutsideCmd"}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://backend.intelbras.com/sites/default/files/2023-03/Datasheet%20UNIFICADO%20-%20VIP%201230%20B.D.G4-v2.pdf","source":"cve@mitre.org"},{"url":"https://github.com/kensh1k/CVE-2026-36438/tree/main","source":"cve@mitre.org"},{"url":"https://www.intelbras.com/pt-br/camera-dome-wi-fi-vip-1230-d-w-g4","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-45829","sourceIdentifier":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","published":"2026-05-18T17:16:34.040","lastModified":"2026-05-19T14:16:46.977","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections 
endpoint."}],"metrics":{"cvssMetricV40":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/chroma-core/chroma/issues/6717","source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c"},{"url":"https://www.hiddenlayer.com/research/chromatoast-served-pre-auth","source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c"},{"url":"https://www.hiddenlayer.com/research/chromatoast-served-pre-auth","source":"134c704f-9b21-4f2e-91b3-4a46
7353bcc0"}]}},{"cve":{"id":"CVE-2023-24215","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T18:17:20.053","lastModified":"2026-05-19T15:16:25.950","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"http://airgate.com","source":"cve@mitre.org"},{"url":"http://novus.com","source":"cve@mitre.org"},{"url":"https://github.com/sql3t0/cve-disclosures/blob/main/00_-_CVE-2023-24215.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-29962","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T18:17:21.383","lastModified":"2026-05-19T17:21:35.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. 
This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hsclabs:mailinspector:5.3.3-7:*:*:*:*:*:*:*","matchCriteriaId":"5A2C551A-C71C-468F-A438-7ED1F576338A"}]}]}],"references":[{"url":"https://github.com/sql3t0/cve-disclosures","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/sql3t0/cve-disclosures/blob/main/01_-_CVE-2026-29962_LFI%2BPath_Traversal.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://hsclabs.com/pt-br/mailinspector","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-29963","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T18:17:21.517","lastModified":"2026-05-19T17:21:05.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. 
A remote attacker can exploit this flaw to access arbitrary files on the underlying operating system, resulting in unauthorized disclosure of sensitive information."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hsclabs:mailinspector:5.3.3-7:*:*:*:*:*:*:*","matchCriteriaId":"5A2C551A-C71C-468F-A438-7ED1F576338A"}]}]}],"references":[{"url":"https://github.com/sql3t0/cve-disclosures","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/sql3t0/cve-disclosures/blob/main/02_-_CVE-2026-29963_LFI%2BPath_Traversal.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://hsclabs.com/pt-br/mailinspector/","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-29964","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T18:17:21.650","lastModified":"2026-05-19T17:20:32.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. 
The endpoint reflects unsanitized user input in HTTP responses without adequate output encoding, allowing a remote attacker to execute arbitrary JavaScript code in the context of a victim's browser."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hsclabs:mailinspector:5.3.3-7:*:*:*:*:*:*:*","matchCriteriaId":"5A2C551A-C71C-468F-A438-7ED1F576338A"}]}]}],"references":[{"url":"https://github.com/sql3t0/cve-disclosures","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/sql3t0/cve-disclosures/blob/main/03_-_CVE-2026-29964_XSS.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://hsclabs.com/pt-br/mailinspector/","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-29965","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T18:17:21.773","lastModified":"2026-05-19T17:19:58.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript 
syntax."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hsclabs:mailinspector:5.3.3-7:*:*:*:*:*:*:*","matchCriteriaId":"5A2C551A-C71C-468F-A438-7ED1F576338A"}]}]}],"references":[{"url":"https://github.com/sql3t0/cve-disclosures","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/sql3t0/cve-disclosures/blob/main/04_-_CVE-2026-29965_XSS.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://hsclabs.com/pt-br/mailinspector/","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-45492","sourceIdentifier":"secure@microsoft.com","published":"2026-05-18T18:17:37.897","lastModified":"2026-05-19T15:03:24.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a 
network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"148.0.3967.70","matchCriteriaId":"219AF9F0-FF7A-42E6-82A9-6D4D23FE0655"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45492","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45494","sourceIdentifier":"secure@microsoft.com","published":"2026-05-18T18:17:38.390","lastModified":"2026-05-19T15:06:38.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Edge (Chromium-based) Spoofing 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"148.0.3967.70","matchCriteriaId":"219AF9F0-FF7A-42E6-82A9-6D4D23FE0655"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45494","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45495","sourceIdentifier":"secure@microsoft.com","published":"2026-05-18T18:17:38.600","lastModified":"2026-05-19T15:35:18.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"148.0.3967.70","matchCriteriaId":"219AF9F0-FF7A-42E6-82A9-6D4D23FE0655"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45495","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22810","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T21:16:39.373","lastModified":"2026-05-19T15:03:31.370","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. 
The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-24"}]}],"references":[{"url":"https://github.com/laurent22/joplin/blob/af5108d70233b1db9410346958c1587cf7c1b16d/packages/onenote-converter/renderer/src/page/embedded_file.rs#L13-L16","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/commit/791668455e1aae50501ff57ea4783b3fba9d377c","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/pull/13736","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/releases/tag/v3.5.7","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-25244","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T21:16:39.547","lastModified":"2026-05-19T21:08:29.203","vulnStatus":"Analyzed","cveTags":[],"descriptions
":[{"lang":"en","value":"WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell metacharacters, and getGitMetadataForAISelection() interpolates these names directly into execSync() calls without sanitization. An attacker can exploit this by supplying a malicious repository (via testOrchestrationOptions.runSmartSelection.source, or the current directory if unset) whose branch name carries a payload, causing the shell to execute arbitrary code. This enables remote code execution on CI/CD servers and developer machines, leading to credential and secret disclosure, source code and SSH key exfiltration, system compromise, and supply chain attacks via tampered build artifacts. The issue has been fixed in version 9.24.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:webdriverio:*:*:*:*:*:node.js:*:*","versionEndExcluding":"9.24.0","matchCriteriaId":"3D9F8ED3-55D8-4830-A602-CBE9D68AF626"}]}]}],"references":[{"url":"https://github.com/webdriverio/webdriverio/blob/ea0e3e00288abced4c739ff9e46c46977b7cdbd2/packages/wdio-browserstack-service/src/testorchestration/helpers.ts#L204",
"source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/webdriverio/webdriverio/releases/tag/v9.24.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/webdriverio/webdriverio/security/advisories/GHSA-5c46-x3qw-q7j7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/webdriverio/webdriverio/security/advisories/GHSA-5c46-x3qw-q7j7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-26978","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T21:16:39.723","lastModified":"2026-05-19T15:04:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected files from a user-supplied tar archive. If a malicious file exists in the archive, it is read and passed directly to unserialize() without validation, class restrictions, or integrity checks. This issue allows Remote Code Execution during restoration of the backup as the web server user (typically asterisk or www-data). The attack does not require shell access, CLI access, or filesystem write permissions beyond the normal restore workflow. Authentication with a known username that has sufficient access permissions and/or write access to backup files is required. 
This issue has been fixed in versions 16.0.71 and 17.0.6."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/FreePBX/backup/commit/45c57e1207cbf9fd1c5f76f8a3e72d204a69a472","source":"security-advisories@github.com"},{"url":"https://github.com/FreePBX/backup/commit/64781af5c80cce0cff21a981be4d8e6a7a71f2c4","source":"security-advisories@github.com"},{"url":"https://github.com/FreePBX/security-re
porting/security/advisories/GHSA-5v7h-49gr-jcwr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-27130","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T21:16:39.890","lastModified":"2026-05-19T17:16:21.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application names are passed through inadequate sanitization (cleanAppName function only replaces spaces and converts to lowercase) before being interpolated directly into shell commands executed via execAsync() and execAsyncRemote(). An authenticated attacker can inject shell metacharacters (e.g., ;, $(), backticks, |, &) in the appName field during application creation, which are then executed with server-level privileges when service operations (start, stop, remove, scale) are triggered. 
This issue has been resolved in version 0.26.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/Dokploy/dokploy/commit/960892fd8dcf12b7a73a00edaa1b7090fca860c7","source":"security-advisories@github.com"},{"url":"https://github.com/Dokploy/dokploy/security/advisories/GHSA-fcgq-jjfg-hrhj","source":"security-advisories@github.com"},{"url":"https://github.com/Dokploy/dokploy/security/advisories/GHSA-fcgq-jjfg-hrhj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-4137","sourceIdentifier":"security@huntr.dev","published":"2026-05-18T21:16:40.710","lastModified":"2026-05-19T15:03:31.370","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates directories with group-writable permissions (0o770). These insecure permissions allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects, and achieve arbitrary code execution when the tampered artifacts are deserialized via `cloudpickle.load()`. 
This vulnerability is particularly critical in environments with shared NFS mounts, such as Databricks, where NFS is enabled by default. The issue is a continuation of the vulnerability class addressed in CVE-2025-10279, which was only partially fixed."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-378"}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/1dcbb0c2fbd1f446c328830e601ca13a28219b8a","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/648dc30b-76c7-4433-86b8-f43d926fd8d6","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/648dc30b-76c7-4433-86b8-f43d926fd8d6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8838","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-05-18T21:16:41.623","lastModified":"2026-05-19T14:24:20.997","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. 
\n\n\n\nTo remediate this issue, users should upgrade to version 2.1.14."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"e
xploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-033-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/aws/amazon-redshift-python-driver/releases/tag/v2.1.14","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-29h4-r29x-hchv","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-8851","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T21:16:41.777","lastModified":"2026-05-19T15:16:33.277","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. 
Attackers can inject malicious SQL code to write extracted data into the sogo_acl table and retrieve it through the /acls API, establishing an out-of-band data exfiltration channel."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentia
lityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/Alinto/sogo/releases/tag/SOGo-5.12.8","source":"disclosure@vulncheck.com"},{"url":"https://www.sogo.nu/news/2026/sogo-v5128-released.html","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/sogo-sql-injection-via-adduserinacls-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-27737","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T22:16:37.523","lastModified":"2026-05-19T15:04:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording. 
This issue has been fixed in 3.0.19."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/bigbluebutton/bbb-playback/commit/09e89bfe4ff8488b68c3ff040d3081e419dc89b1","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/commit/69f45aa1b963dc7d80179d0155acc670aec5c4fc","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v3.0.19","source":"security-advisories@github.com"},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-8vv7-vj94-q2pv","source":"security-advisories@github.com"},{"url":"https://github.com/blindsidenetworks/scalelite/releases/tag/v1.7.0","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-27891","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T22:16:38.370","lastModified":"2026-05-19T15:16:27.463","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leading to Arbitrary File Write and Remote Code Execution (RCE) by overwriting sensitive .php files outside the designated plugins directory. 
The vulnerability is located in Plugins.php. While the testZipFile function attempts to validate that the ZIP contains only one root folder, it does not sanitize or validate the individual file paths within that folder. An attacker can bypass this check by naming a file ValidPluginName/../../shell.php. The explode function will see ValidPluginName as the root folder, satisfying the count($folders) != 1 check. However, during extraction, the ../../ sequence triggers a path traversal, allowing the file to be written anywhere the web server has permissions the root directory. This issue is fixed in version 2026.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/NeoRazorX/facturascripts/commit/2dda7c6f3b241fa84a0629166783720b882725fd","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-3pgc-xqg9-cfr6","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-3pgc-xqg9-cfr6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-27892","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T22:16:38.543","lastModified":"2026-05-19T14:44:43.127","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FacturaScripts is an open source accounting and invoicing software. 
In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadata, which included GPS coordinates, device information, timestamps, embedded comments/notes, thumbnail previews, and other personally identifiable information (PII) preserved in the image metadata. Of all FacturaScripts' image upload features, only the Library module combined unrestricted uploads, persistent storage, authenticated download access, and a total lack of server-side metadata sanitization. This vulnerability carries significant real-world impact: an employee uploading a photo taken at their home inadvertently discloses their precise home address to every user with Library download access. This issue has been fixed in version 2026."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-212"}]}],"references":[{"url":"https://github.com/NeoRazorX/facturascripts/commit/b0725147a61a9a377b7180589af33ff52b4751e2","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-q7f2-rv22-2xgr","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-q7f2-rv22-2xgr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-27964","sourceIdentifier
":"security-advisories@github.com","published":"2026-05-18T22:16:38.703","lastModified":"2026-05-19T14:44:43.127","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified session and forces a logout, the HTML containing the payload reaches the browser first. This lets the script execute immediately upon load, effectively beating the redirect. This issue has been fixed in version 2025.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/NeoRazorX/facturascripts/commit/9066e10326029adf012114e27eb5f3f33f78ecfd","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-gq5c-rw37-g46c","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-gq5c-rw37-g46c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-30950","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T23:16:33.190","lastModified":"2026-05-19T15:16:28.720","vulnStat
us":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, they can take it over, reading any messages in it and locking the legitimate user out. The PATCH /sessions/{session_id}/assign-user endpoint authenticates the caller but never verifies session ownership: the service layer invokes the session lookup with user_id=None, which the data access layer interprets as a privileged/system call that bypasses the ownership filter, allowing any authenticated user to reassign an arbitrary session to themselves. This issue has been patched in version 0.6.51."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/commit/eca7b5e79370c34ed75e80badb824023d7d8629d","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-q58p-v9r9-7gqj","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-q58p-v9r9-7gqj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32244","sourceIdentifier":"security-advisories@github.com","pub
lished":"2026-05-19T00:16:37.100","lastModified":"2026-05-19T14:44:04.023","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-524"},{"lang":"en","value":"CWE-672"}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-hjmg-2mww-vfvx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-32312","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T00:16:37.283","lastModified":"2026-05-19T15:03:31.370","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. 
This issue has been fixed in version 11.0.7."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/glpi-project/glpi/releases/tag/11.0.7","source":"security-advisories@github.com"},{"url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-cg63-qchq-q626","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-32323","sourceIdentifier":"security-advisories@github.com","p
ublished":"2026-05-19T02:16:14.367","lastModified":"2026-05-19T15:03:31.370","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is attacker-controlled or that the path is the legitimate Mullvad application. A user in the admin group can pre-place a crafted application bundle at that location and may be able to achieve code execution as root. Since the issue only affected the installer, there is no immediate need for users to update if they are already running an older version. This issue has been fixed in version 2026.2-beta1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://github.com/mullvad/mullvadvpn-app/commit/032fdcb927c0b6d3e5e1aba4140d33adf22a6bfb","source":"security-advisories@github.com"},{"url":"https://github.com/mullvad/mullvadvpn-app/security/advisories/GHSA-c2g6-w5fq-vw3m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-33052","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T02:16:15.503","lastModified":"2026-05-19T15:04:09.490","vulnStatus":"Deferr
ed","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the \"add_profile_threshold\" permission to create a global profile despite not having manage_global_profile_threshold, by tampering with the user_id parameter in a valid profile creation request. This issue has been fixed in version 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Second
ary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/3f952e68fa864e0e60abc3e84adecf3cfa84c75e","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-68w5-w573-q2r8","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36974","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36974","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33232","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T02:16:15.677","lastModified":"2026-05-19T15:04:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after they are served. An unauthenticated attacker can repeatedly call this endpoint to exhaust the server's disk space, causing\n the database or other system services to fail due to \"No space left on device\" errors, rendering the entire AutoGPT Platform backend unavailable to all users. 
This issue has been patched in version 0.6.52."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-459"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.52","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-374w-2pxq-c9jp","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-374w-2pxq-c9jp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33233","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T02:16:15.840","lastModified":"2026-05-19T15:16:30.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with pickle.dumps(...) into Redis and the read path blindly invokes pickle.loads(...) on bytes with no HMAC/signature or strict schema validation gating deserialization. 
If an attacker can poison a shared-cache key in Redis, arbitrary command execution is possible in the backend container context, affecting confidentiality, integrity, and availability. This issue has been fixed in version 0.6.52."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.52","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-rfg2-37xq-w4m9","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-rfg2-37xq-w4m9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33234","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T02:16:16.010","lastModified":"2026-05-19T17:16:21.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. 
In versions 0.1.0 through 0.6.51,  SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a user-supplied smtp_server (string) and smtp_port (integer) as per-execution block inputs, then passes them directly to Python's smtplib.SMTP() to open a raw TCP connection with no IP address validation. This completely bypasses the platform's hardened SSRF protections in backend/util/request.py — the validate_url_host() function and BLOCKED_IP_NETWORKS blocklist that every other block uses to block connections to private, loopback, link-local, and cloud metadata addresses. An authenticated user on a shared AutoGPT deployment can use this to perform non-blind internal network port scanning and service fingerprinting: smtplib reads the target's TCP banner on connect and embeds it in the exception message, which is persisted as user-visible block output via the execution framework. This issue has been fixed in version 0.6.52."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.52","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4jwj-6mg5-wrwf","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4jwj-6mg5-wrwf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{
"cve":{"id":"CVE-2026-33514","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T02:16:16.210","lastModified":"2026-05-19T14:44:04.023","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NO
T_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/ae5c9570fb918442c4d96abc83c1e7e169909b02","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-w6g7-p2p9-2m5h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-22069","sourceIdentifier":"security@oppo.com","published":"2026-05-19T04:16:25.963","lastModified":"2026-05-19T14:50:07.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface."}],"metrics":{"cvssMetricV31":[{"source":"security@oppo.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":5.3}]},"weaknesses":[{"source":"security@oppo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2056566978633801728","source":"security@oppo.com"}]}},{"cve":{"id":"CVE-2026-24792","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:27.907","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions 
allow a remote attacker arbitrary code execution in pre-installed apps."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-364"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-25110","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:28.137","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions allow a local attacker cause 
DOS."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-25781","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:28.280","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-25850","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:28.423","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in 
OpenHarmony v6.0 and prior versions allow a local attacker cause information leak"}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-281"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-27648","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:28.563","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed 
apps."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-27766","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:28.693","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-364"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-27781","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:28.833","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in 
OpenHarmony v6.0 and prior versions allow a local attacker cause DOS."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-28733","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:30.247","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code 
execution."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-28751","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:31.053","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-33565","sourceIdentifier":"scy@openharmony.io","published":"2026-05-19T04:16:31.183","lastModified":"2026-05-19T14:25:04.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"in OpenHarmony v6.0 and 
prior versions allow a local attacker cause DOS."}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Primary","description":[{"lang":"en","value":"CWE-364"}]}],"references":[{"url":"https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md","source":"scy@openharmony.io"}]}},{"cve":{"id":"CVE-2026-47307","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T04:16:31.317","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions.\n\nThis issue affects Walrus: 
f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/Samsung/walrus/pull/409","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-32994","sourceIdentifier":"support@hackerone.com","published":"2026-05-19T05:16:23.787","lastModified":"2026-05-19T14:50:07.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply providing the target message ID. 
The endpoint fetches the message via Messages.findOneById(messageId) with no room access check (canAccessRoomIdAsync is never called), returning the complete IMessage object including message text, sender info, room ID, timestamps, and markdown content."}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://hackerone.com/reports/3713682","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-47308","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T05:16:25.490","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.\n\nThis issue affects Walrus: 
f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/Samsung/walrus/pull/409","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2025-15609","sourceIdentifier":"contact@wpscan.com","published":"2026-05-19T07:16:29.327","lastModified":"2026-05-19T14:38:39.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"references":[{"url":"https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-47309","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T07:16:29.813","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads.\n\nThis issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47310","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T07:16:29.953","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.\n\nThis issue affects Escargot: 
590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47311","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T07:16:30.070","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.\n\nThis issue affects Escargot: 
590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-8813","sourceIdentifier":"report@snyk.io","published":"2026-05-19T07:16:30.193","lastModified":"2026-05-19T15:38:48.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. 
In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion."}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploi
tabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://gist.github.com/yuki-matsuhashi/3243ea38e5fbf8cfe19b624f04c9f4b4","source":"report@snyk.io"},{"url":"https://github.com/mattiasw/ExifReader/commit/c9d88b67e127b2dcc7b46e328df468257fb2dc30","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-EXIFREADER-16689335","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-EXIFREADER-16689335","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8814","sourceIdentifier":"report@snyk.io","published":"2026-05-19T07:16:30.357","lastModified":"2026-05-19T15:38:48.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. 
When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory."}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityI
mpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://gist.github.com/yuki-matsuhashi/cad1a45d936062438b4ab24613c34c55","source":"report@snyk.io"},{"url":"https://github.com/mattiasw/ExifReader/commit/5f116128adc19f674902f8bf582bfe7dd0a36375","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-EXIFREADER-16689340","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-EXIFREADER-16689340","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8830","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T07:16:30.500","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public key algorithms, match the realm's configured WebAuthn policies. 
This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-603"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-8830","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479565","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-47312","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T08:16:15.030","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation.\n\nThis issue affects Escargot: 
590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-763"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47313","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T08:16:15.603","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation.\n\nThis issue affects Escargot: 
590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47314","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T08:16:15.730","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.\n\nThis issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47315","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T08:16:15.853","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation.\n\nThis issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47316","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T08:16:15.977","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation.\n\nThis issue affects Escargot: 
590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-703"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-47317","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-19T08:16:16.093","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation.\n\nThis issue affects Escargot: 
590345cc6258317c5da850d846ce6baaf2afc2d3."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1565","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-4885","sourceIdentifier":"security@wordfence.com","published":"2026-05-19T08:16:16.223","lastModified":"2026-05-19T14:38:39.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. 
Note: The exploit can only be exploited if a file field is added to the form."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://pafe.piotnet.com/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ffff2ff3-769d-4eb2-acbe-d8ce6f042581?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8922","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T08:16:18.343","lastModified":"2026-05-19T14:25:40.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. 
This could impact the security of systems utilizing Keycloak for identity and access management."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-303"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-8922","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479586","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-44408","sourceIdentifier":"psirt@zte.com.cn","published":"2026-05-19T09:16:20.020","lastModified":"2026-05-19T14:50:07.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"There is an unauthorized access vulnerability in ZTE MU5250. 
Due to improper permission control of the Web interface, an unauthorized attacker can  modify configuration through the interface."}],"metrics":{"cvssMetricV31":[{"source":"psirt@zte.com.cn","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":4.2}]},"weaknesses":[{"source":"psirt@zte.com.cn","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2657904255874650158","source":"psirt@zte.com.cn"}]}},{"cve":{"id":"CVE-2026-29207","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:22.390","lastModified":"2026-05-19T19:16:46.603","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the issue.\n\nPlease note that in the updated version, \"Data Resource\" records with dataTemplateTypeId = \"FTL\" are no longer supported.\n\nAdditionally, in the updated version, the \"Ecommerce Customer\" security group no longer includes content management grants. 
Users are advised to remove these permissions from any production site as well."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/3rcrp8bh3x6ovrj5xnc0fm1f0nrn52r0","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/14","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-29220","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:22.610","lastModified":"2026-05-19T19:16:46.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/5hjnmt9no6mmtg8sxq3mhonzff1vkd5m","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/15","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-29226","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:22.730","lastModified":"2026-05-19T19:16:46.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/6707wys8jxzmowxggn4cmtwwk9ygl2tr","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-2611","sourceIdentifier":"security@huntr.dev","published":"2026-05-19T10:16:22.983","lastModified":"2026-05-19T15:03:31.370","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via the Claude Code sub-agent. 
This issue is resolved in version 3.10.0."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/8f9c8a53af90842944101eb8b7d60706822c81bc","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/8462addd-b464-4a84-b6a2-5529604e6e5a","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/8462addd-b464-4a84-b6a2-5529604e6e5a","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31378","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.137","lastModified":"2026-05-19T19:16:47.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/cbl8qkqtxv90m6ssfwd58bnoh933v38t","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/17","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31379","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.253","lastModified":"2026-05-19T19:16:47.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/1tcnkxjm0s6n1ohfb21brl25dt0hv9by","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/18","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31380","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.377","lastModified":"2026-05-19T19:16:47.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/v2brvq1tf4q491obkxv8p7fc5qfshc08","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/19","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31387","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.500","lastModified":"2026-05-19T19:16:47.667","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Authentication vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/3wgybgdvmbfvly24zm4sb4y53fc1pqcf","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/20","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31388","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.643","lastModified":"2026-05-19T19:16:47.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/npjchvnpnosoqpto46s2om12jd9s7py7","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/21","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31906","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.777","lastModified":"2026-05-19T19:16:48.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/1fblqdo89d3ps8kgtcnkcq8sh7gwkcpn","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/22","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31909","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:23.913","lastModified":"2026-05-19T19:16:48.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/0hpopzz1qrhkzsbt3ncofs6qo0545r2h","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/23","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31910","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.037","lastModified":"2026-05-19T19:16:48.340","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/2smc4c4o056ovd2hoq1l29593y5y29vh","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/24","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-31986","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.143","lastModified":"2026-05-19T19:16:48.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/2hl9xoqm8tq8b22x6vnmtp7tg3opcqgc","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/25","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-35086","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.263","lastModified":"2026-05-19T19:16:49.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/g0s37yhnh2xwfts400crb2w8s337hgjx","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/26","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41919","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.380","lastModified":"2026-05-19T19:16:50.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/592czh9o69n74c036vy30fnqknocw74p","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/27","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-45187","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.500","lastModified":"2026-05-19T19:16:50.803","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Authorization vulnerability in Apache OFBiz Webtools.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/pcmfyxjyk7dg0btxqg9h7cr30yg8mr7k","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/28","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-46721","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:24.853","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. 
As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to content and functionality restricted to privileged frontend user groups."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-009","source":"f4fb688c-4412-4426-b4b8-421ecf27b1
4a"}]}},{"cve":{"id":"CVE-2026-46722","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:25.027","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","
providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-011","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-46723","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:25.187","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpa
ct":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-011","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-46724","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:25.320","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal 
sequences."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-011","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-46725","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:25.457","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"la
ng":"en","value":"The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation requires the content element to be configured with \"Persistent Mode: Static\" in the plugin settings."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary
","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-013","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-8726","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:25.603","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the \"Date Menu of news articles\" plugin. Exploitation requires the \"Date Menu of news articles\" plugin to be in use and the TypoScript/Plugin setting disableOverrideDemand not to be enabled."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifie
dSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-010","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-8727","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05-19T10:16:25.747","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. 
Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-008","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-8827","sourceIdentifier":"f4fb688c-4412-4426-b4b8-421ecf27b14a","published":"2026-05
-19T10:16:25.887","lastModified":"2026-05-19T14:47:13.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection."}],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINE
D"}}]},"weaknesses":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-012","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a"}]}},{"cve":{"id":"CVE-2026-45442","sourceIdentifier":"audit@patchstack.com","published":"2026-05-19T12:16:19.130","lastModified":"2026-05-19T14:50:07.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Presto Player: from n/a through 4.1.3."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/presto-player/vulnerability/wordpress-presto-player-plugin-4-1-3-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-7860","sourceIdentifier":"security@vaadin.com","published":"2026-05-19T12:16:19.960","lastModified":"2026-05-19T14:50:19.820","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. 
Because the build environment may contain credentials supplied as secrets, any failed frontend build can expose those secrets in clear text in CI logs and archived build artifacts.\n\n\nUsers of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:\n\nProduct version\nVaadin 23.0.0 - 23.6.9\nVaadin 24.0.0 - 24.10.3\nVaadin 25.0.0 - 25.1.4\n\nMitigation\nUpgrade to 23.6.10\nUpgrade to 24.10.4 or newer\nUpgrade to 25.1.5 or newer\n\nPlease note that Vaadin versions 10-13 and 15-22 are no longer supported and you should update either to the latest 23, 24, or 25 version.\n\nArtifactsMaven coordinatesVulnerable versionsFixed versioncom.vaadin:flow-plugin-base23.0.0 - 23.6.10≥23.6.11com.vaadin:flow-plugin-base24.0.0 - 24.10.3≥24.10.4com.vaadin:flow-plugin-base25.0.0 - 25.1.4≥25.1.5com.vaadin:flow-maven-plugin23.0.0 - 23.6.10≥23.6.11com.vaadin:flow-maven-plugin24.0.0 - 24.10.3≥24.10.4com.vaadin:flow-maven-plugin25.0.0 - 25.1.4≥25.1.5com.vaadin:flow-gradle-plugin24.0.0 - 24.10.3≥24.10.4com.vaadin:flow-gradle-plugin25.0.0 - 
25.1.4≥25.1.5"}],"metrics":{"cvssMetricV40":[{"source":"security@vaadin.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:L/U:Green","baseScore":1.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"security@vaadin.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://github.com/vaadin/flow/pull/24219","source":"security@vaadin.com"},{"url":"https://vaadin.com/security/cve-2026-7860","source":"security@vaadin.com"}]}},{"cve":{"id":"CVE-2026-4883","sourceIdentifier":"security@wordfence.com","published":"2026-05-19T13:16:19.340","lastModified":"2026-05-19T14:38:39.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit can only be exploited if a file field is added to the form."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://piotnetforms.com","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9bd9c9db-d279-4de2-b5e4-ac7d8c919f2a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8912","sourceIdentifier":"security@wordfence.com","published":"2026-05-19T13:16:20.127","lastModified":"2026-05-19T14:38:39.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. 
This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticated 'post_cg_gallery_form_upload' AJAX action (specifically the 'cb' branch of the included users-upload-check.php, where $f_input_id is concatenated unquoted into 'SELECT Field_Content FROM ... WHERE id = $f_input_id'). The endpoint is gated only by a public frontend nonce ('cg1l_action' / 'cg_nonce') that is exposed in the page source of any public gallery page. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.1.5/ajax/ajax-functions-frontend.php#L837","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.1.5/functions/frontend/cg-general-frontend.php#L12","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.1.5/v10/v10-frontend/user_upload/users-upload-check.php#L1036","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.1.5/v10/v10-frontend/user_upload/users-upload-check.php#L1193","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat
-intel/vulnerabilities/id/71f2f8c4-00ee-4ab4-b0e0-9ddac46818b3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2025-14575","sourceIdentifier":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","published":"2026-05-19T14:16:27.120","lastModified":"2026-05-19T14:46:56.260","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory."}],"metrics":{"cvssMetricV40":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable"
:"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://codereview.qt-project.org/c/qt/qtbase/+/642967","source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3"}]}},{"cve":{"id":"CVE-2025-40901","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-19T14:16:27.767","lastModified":"2026-05-19T17:47:05.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. 
Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrit
yImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"ADDB8845-2325-4017-82B0-96F27B254E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"643606B0-7E60-440E-9A83-A8EC6534F5CB"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:4-01","source":"prodsec@nozominetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-40902","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-19T14:16:27.960","lastModified":"2026-05-19T17:44:49.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. 
Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrit
yImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"ADDB8845-2325-4017-82B0-96F27B254E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"643606B0-7E60-440E-9A83-A8EC6534F5CB"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:5-01","source":"prodsec@nozominetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-40903","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-19T14:16:28.130","lastModified":"2026-05-19T17:44:04.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. 
Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrit
yImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"ADDB8845-2325-4017-82B0-96F27B254E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"643606B0-7E60-440E-9A83-A8EC6534F5CB"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:6-01","source":"prodsec@nozominetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-40904","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-19T14:16:28.293","lastModified":"2026-05-19T17:41:46.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. 
Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityI
mpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"ADDB8845-2325-4017-82B0-96F27B254E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"643606B0-7E60-440E-9A83-A8EC6534F5CB"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:7-01","source":"prodsec@nozominetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-23557","sourceIdentifier":"security@xen.org","published":"2026-05-19T14:16:38.817","lastModified":"2026-05-19T18:56:35.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\ncommand within a transaction due to an assert() triggering.\n\nIn case xenstored was built with NDEBUG #defined nothing bad will\nhappen, as assert() is doing nothing in this case. 
Note that the\ndefault is not to define NDEBUG for xenstored builds even in release\nbuilds of Xen."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","matchCriteriaId":"37DFEBDB-42A9-4A8C-A040-CC08782EF553"}]}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-484.html","source":"security@xen.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/28/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://xenbits.xen.org/xsa/advisory-484.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-23558","sourceIdentifier":"security@xen.org","published":"2026-05-19T14:16:38.960","lastModified":"2026-05-19T18:55:19.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The adjustments made for XSA-379 as well as those subsequently becoming\nXSA-387 still left a race window, when a HVM or PVH guest does a grant\ntable version change from v2 to v1 in parallel with mapping the status\npage(s) via XENMEM_add_to_physmap.  
Some of the status pages may then be\nfreed while mappings of them would still be inserted into the guest's\nsecondary (P2M) page tables."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.1,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","matchCriteriaId":"3E095C1C-0DC6-4380-9333-477B13273E9E"}]}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-486.html","source":"security@xen.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/28/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"http://xenbits.xen.org/xsa/advisory-486.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42096","sourceIdentifier":"cvd@cert.pl","published":"2026-05-19T14:16:42.047","lastModified":"2026-05-19T14:45:59.807","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. 
Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"htt
ps://cert.pl/en/posts/2026/05/CVE-2026-42096","source":"cvd@cert.pl"},{"url":"https://efigo.pl/blog/CVE-2026-42096/","source":"cvd@cert.pl"},{"url":"https://sparxsystems.com/products/procloudserver/","source":"cvd@cert.pl"},{"url":"https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-42097","sourceIdentifier":"cvd@cert.pl","published":"2026-05-19T14:16:42.247","lastModified":"2026-05-19T14:45:59.807","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the \"model\" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be 
vulnerable."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-42096","source":"cvd@cert.pl"},{"url":"https://efigo.pl/blog/CVE-2026-42096/","source":"cvd@cert.pl"},{"url":"https://sparxsystems.com/products/procloudserver/","source":"cvd@cert.pl"},{"url":"https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-42098","sourceIdentifier":"cvd@ce
rt.pl","published":"2026-05-19T14:16:42.417","lastModified":"2026-05-19T14:45:59.807","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect  client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpac
t":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-603"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-42096","source":"cvd@cert.pl"},{"url":"https://efigo.pl/blog/CVE-2026-42096/","source":"cvd@cert.pl"},{"url":"https://sparxsystems.com/products/ea/","source":"cvd@cert.pl"},{"url":"https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-42099","sourceIdentifier":"cvd@cert.pl","published":"2026-05-19T14:16:42.630","lastModified":"2026-05-19T14:45:59.807","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An attacker with repository access can control both the filename and file contents, allowing the creation of a malicious PHP file in a current directory. Although the file is deleted after processing, a race condition exists: if the response transmission is delayed (e.g., via a large file or slow client connection), the file remains accessible. During this window, the attacker can issue a second request to execute the malicious PHP file, resulting in remote code execution.\n\n\n\n\n\n\n\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. 
Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-42096","source":"cvd@cert.pl"},{"url":"https://efigo.pl/blog/CVE-2026-42096/","source":"cvd@cert.pl"},{"url":"https://sparxsystems.com/products/procloudserver/","source":"cvd@cert.pl"},{"url":"https://sploit.tech/2026/
05/19/Sparx-Enterprise-Architect-PCS.html","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-42100","sourceIdentifier":"cvd@cert.pl","published":"2026-05-19T14:16:43.113","lastModified":"2026-05-19T14:45:59.807","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. \n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImp
act":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-228"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-42096","source":"cvd@cert.pl"},{"url":"https://efigo.pl/blog/CVE-2026-42096/","source":"cvd@cert.pl"},{"url":"https://sparxsystems.com/products/procloudserver/","source":"cvd@cert.pl"},{"url":"https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-43633","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T14:16:43.460","lastModified":"2026-05-19T14:43:04.157","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. 
Attackers can inject crafted data into HTTP headers that are processed by the PHP session handler but incorrectly deserialized by the Node.js web terminal component as trusted session values, resulting in arbitrary command execution on systems with the web terminal feature enabled."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWOR
K","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/hestiacp/hestiacp/commit/854d71b3c1737b0a0d0cc55c926008ffe1f6719b","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hestiacp/hestiacp/issues/5229","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hestiacp/hestiacp/pull/5244","source":"disclosure@vulncheck.com"},{"url":"https://mercuryiss.com.au/hestiacp-unauthenticated-rce-ip-spoofing-cve-2026-43633-cve-2026-43634","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hestiacp-deserialization-rce-via-web-terminal","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-6354","sourceIdentifier":"security@ubuntu.com","published":"2026-05-19T14:16:49.030","lastModified":"2026-05-19T14:16:49.030","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Voluntarily withdrawn"}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-8945","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:50.687","lastModified":"2026-05-19T16:16:22.777","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Sandbox escape in Firefox and Firefox Focus for Android. 
This vulnerability was fixed in Firefox 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003171","source":"security@mozilla.org"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org"}]}},{"cve":{"id":"CVE-2026-8946","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:50.800","lastModified":"2026-05-19T18:50:01.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect boundary conditions in the Audio/Video: Web Codecs component. 
This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.36.0","matchCriteriaId":"E536CDC4-A298-44F5-B599-64CB64AD8F01"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.11.0","matchCriteriaId":"59F64F78-F9C5-44CE-8A45-803C1A4E0688"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"B8EAADB3-40D5-4987-B57E-DF144037C031"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029070","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8947","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:50.910","lastModified":"2026-05-19T18:47:52.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.36.0","matchCriteriaId":"E536CDC4-A298-44F5-B599-64CB64AD8F01"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.11.0","matchCriteriaId":"59F64F78-F9C5-44CE-8A45-80
3C1A4E0688"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"B8EAADB3-40D5-4987-B57E-DF144037C031"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038439","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8953","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.593","lastModified":"2026-05-19T18:45:32.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sandbox escape due to use-after-free in the Disability Access APIs component. 
This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.36.0","matchCriteriaId":"E536CDC4-A298-44F5-B599-64CB64AD8F01"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.11.0","matchCriteriaId":"59F64F78-F9C5-44CE-8A45-803C1A4E0688"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"B8EAADB3-40D5-4987-B57E-DF144037C031"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029511","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8954","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.700","lastModified":"2026-05-19T18:42:57.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"}]}]}],"refere
nces":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2030747","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-51427","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T15:16:27.030","lastModified":"2026-05-19T18:04:29.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key 
['nnet']['module']."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md","source":"cve@mitre.org"},{"url":"https://github.com/modelscope/modelscope/issues/1331","source":"cve@mitre.org"},{"url":"https://github.com/modelscope/modelscope/pull/1333","source":"cve@mitre.org"},{"url":"https://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-70950","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T15:16:27.180","lastModified":"2026-05-19T18:04:29.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted 
request."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://gist.github.com/Lime-Cocoa/202127ae5f4dcc4b39909ce7ac1c8466","source":"cve@mitre.org"},{"url":"https://github.com/itang/gohttp/issues/13","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-2586","sourceIdentifier":"emo@eclipse.org","published":"2026-05-19T15:16:28.413","lastModified":"2026-05-19T17:57:25.143","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. 
A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user."}],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-917"}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/87","source":"emo@eclipse.org"}]}},{"cve":{"id":"CVE-2026-2587","sourceIdentifier":"emo@eclipse.org","published":"2026-05-19T15:16:28.577","lastModified":"2026-05-19T17:57:25.143","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL) “expressions” are processed without proper sanitization or escaping. By injecting expressions such as #{7*7}, the server returns 49, confirming server-side EL evaluation. 
This issue allows a remote attacker to fully compromise the underlying host, enabling capabilities as reading/modifying data, executing arbitrary commands, persistence, and lateral movement."}],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/86","source":"emo@eclipse.org"}]}},{"cve":{"id":"CVE-2026-34883","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T15:16:30.150","lastModified":"2026-05-19T18:04:41.423","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\\ProgramData\\Portrait Displays\\CW\\data\\i1D3\\ while running with elevated privileges. 
Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://www.portrait.com/dell","source":"cve@mitre.org"},{"url":"https://www.portrait.com/dell-security-cve-updates/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-43634","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T15:16:31.023","lastModified":"2026-05-19T17:57:58.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's network. 
Attackers can exploit this to circumvent fail2ban brute-force protection, bypass per-user IP allowlists, and poison authentication audit logs by spoofing trusted IP addresses on each request."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","c
onfidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-348"}]}],"references":[{"url":"https://github.com/hestiacp/hestiacp/commit/f381e294500f671cf12716c638afd0bfde901f88","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hestiacp/hestiacp/issues/5229","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hestiacp/hestiacp/pull/5273","source":"disclosure@vulncheck.com"},{"url":"https://mercuryiss.com.au/hestiacp-unauthenticated-rce-ip-spoofing-cve-2026-43633-cve-2026-43634","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hestiacp-ip-spoofing-via-cf-connecting-ip-header","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-44159","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-05-19T15:16:31.180","lastModified":"2026-05-19T17:57:25.143","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. 
TID-L has not been distributed since December 2020, and has not been supported since 2021."}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availability
Impact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-138-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-44159","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-45557","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-05-19T15:16:31.640","lastModified":"2026-05-19T17:57:25.143","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0."}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfide
ntialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-405"},{"lang":"en","value":"CWE-406"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/TechnitiumSoftware/DnsServer/blo/master/CHANGELOG.md#version-150","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-138-02.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45557","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-47100","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T15:16:32.117","lastModified":"2026-05-19T17:57:58.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's 
External Scripts global setting. Attackers can inject malicious JavaScript through the External Scripts setting that executes in the browsers of all checkout page visitors."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImp
act":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3530797/funnel-builder/tags/3.15.0.3/modules/checkouts/includes/class-wfacp-ajax-controller.php","source":"disclosure@vulncheck.com"},{"url":"https://sansec.io/research/funnelkit-woocommerce-vulnerability-exploited","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/funnel-builder-for-woocommerce-checkout-missing-authorization-via-ajax","source":"disclosure@vulncheck.com"},{"url":"https://sansec.io/research/funnelkit-woocommerce-vulnerability-exploited","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8711","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-19T15:16:33.017","lastModified":"2026-05-19T17:57:25.143","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible. 
\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":
2.2,"impactScore":5.9}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161307","source":"f5sirt@f5.com"}]}},{"cve":{"id":"CVE-2026-5804","sourceIdentifier":"psirt@lenovo.com","published":"2026-05-19T16:16:22.413","lastModified":"2026-05-19T17:57:25.143","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings."}],"metrics":{"cvssMetricV40":[{"source":"psirt@lenovo.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","mod
ifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"psirt@lenovo.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}]},"references":[{"url":"https://en-us.support.motorola.com/app/answers/detail/a_id/192534","source":"psirt@lenovo.com"}]}},{"cve":{"id":"CVE-2026-36827","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T17:16:21.937","lastModified":"2026-05-19T19:16:50.047","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection when attacker-controlled input is included in the arguments. 
As a result, an authenticated remote attacker with access to the management interface may execute arbitrary shell commands."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://secreu.notion.site/CVE-2026-36827-3652c0ab46158036a888ef4a12b104bf","source":"cve@mitre.org"},{"url":"https://www.panabit.com/","source":"cve@mitre.org"},{"url":"https://secreu.notion.site/CVE-2026-36827-3652c0ab46158036a888ef4a12b104bf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-36828","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T17:16:22.080","lastModified":"2026-05-19T19:16:50.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. 
The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://secreu.notion.site/CVE-2026-36828-3652c0ab461580f28f50ddc37ce4e1d6","source":"cve@mitre.org"},{"url":"https://www.panabit.com/","source":"cve@mitre.org"},{"url":"https://secreu.notion.site/CVE-2026-36828-3652c0ab461580f28f50ddc37ce4e1d6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-36829","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T17:16:22.210","lastModified":"2026-05-19T18:16:21.613","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. 
The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://secreu.notion.site/CVE-2026-36829-3652c0ab461580e19704e87b18865714","source":"cve@mitre.org"},{"url":"https://www.panabit.com/","source":"cve@mitre.org"},{"url":"https://secreu.notion.site/CVE-2026-36829-3652c0ab461580e19704e87b18865714","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-5511","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2026-05-19T17:16:23.493","lastModified":"2026-05-19T17:59:12.383","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. \n\n\nAn authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.  
The exposed information is limited in scope and does not include sensitive system data."}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://www.tp-link.com/sg/support/download/archer-ax72/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/faq/5096/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"}]}},{"cve":{"id":"CVE-2025-61081","sourceIde
ntifier":"cve@mitre.org","published":"2026-05-19T18:16:19.767","lastModified":"2026-05-19T21:05:49.167","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break (EPB) and Supplemental Restoration System (SRS) related ECUs."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://www.notion.so/BYD-Atto3-26215fb6156c8000b338db3c2011f637?source=copy_link","source":"cve@mitre.org"},{"url":"https://www.notion.so/CVE-2025-61081-26215fb6156c8000b338db3c2011f637","source":"cve@mitre.org"},{"url":"https://www.notion.so/BYD-Atto3-26215fb6156c8000b338db3c2011f637?source=copy_link","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.notion.so/CVE-2025-61081-26215fb6156c8000b338db3c2011f637","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32134","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T18:16:21.147","lastModified":"2026-05-19T21:08:09.430","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. 
In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for clean_start=0 clients. The transport's p_peer callback (tcptran_pipe_peer()) iterates cpipe->subinfol while copying session metadata from the cached old pipe to the new reconnecting pipe, without checking whether the pointer is NULL. Under a reconnect race, cpipe->subinfol can be freed and set to NULL before session restore invokes this function, resulting in a remote unauthenticated Denial-of-Service (process crash) condition. This issue has been fixed in version 0.24.11."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/nanomq/NanoNNG/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb","source":"security-advisories@github.com"},{"url":"https://github.com/nanomq/nanomq/issues/2241","source":"security-advisories@github.com"},{"url":"https://github.com/nanomq/nanomq/releases/tag/0.24.11","source":"security-advisories@github.com"},{"url":"https://github.com/nanomq/nanomq/security/advisories/GHSA-q36f-83mh-pcv2","source":"security-advisories@github.com"},{"url":"https://github.com/nanomq/nanomq/issues/2241","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://github.com/nanomq/nanomq/security/advisories/GHSA-q36f-83mh-pcv2","source":"134c704f-9b21-4f2e-91b3-4a467353b
cc0"}]}},{"cve":{"id":"CVE-2026-33633","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T18:16:21.343","lastModified":"2026-05-19T21:08:41.030","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/kovidgoyal/kitty/commit/e9661f0f3afb4e4dbffa509adfb3df3c9780ad34","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/kitty/security/advisories/GHSA-j68c-v8x4-269g","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/kitty/security/advisories/GHSA-j68c-v8x4-269g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-6009","sourceIdentifier":"db6d2600-d19b-4111-a010-f3c4ed70cd50","published":"2026-05-19T18:16:29.613","lastModified":"2026-05-19T21:08:41.030","vulnStat
us":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system"}],"metrics":{"cvssMetricV40":[{"source":"db6d2600-d19b-4111-a010-f3c4ed70cd50","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"db6d2600-d19b-4111-a010-f3c4ed70cd50","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-may-19-2026-jaspersoft-library-cve-2026-
6009-r11/","source":"db6d2600-d19b-4111-a010-f3c4ed70cd50"}]}},{"cve":{"id":"CVE-2026-8602","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:31.710","lastModified":"2026-05-19T21:01:28.183","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weakness
es":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov"}]}},
{"cve":{"id":"CVE-2026-8603","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:31.877","lastModified":"2026-05-19T21:01:28.183","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov"}]}},
{"cve":{"id":"CVE-2026-8604","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:32.037","lastModified":"2026-05-19T21:01:28.183","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov"}]}},
{"cve":{"id":"CVE-2026-8605","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:32.193","lastModified":"2026-05-19T21:01:28.183","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov"}]}},
{"cve":{"id":"CVE-2026-33637","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T19:16:49.113","lastModified":"2026-05-19T21:08:41.030","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object (rather than a String) to Faraday::Connection#build_exclusive_url. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and enables off-host request forgery: a request built from a fixed-base Faraday::Connection can be redirected to an attacker-controlled host, forwarding connection-scoped values such as Authorization headers and default query parameters. This issue has been fixed in version 2.14.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/advisories/GHSA-33mh-2634-fwr2","source":"security-advisories@github.com"},{"url":"https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484","source":"security-advisories@github.com"},{"url":"https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},
{"cve":{"id":"CVE-2026-33642","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T19:16:49.293","lastModified":"2026-05-19T21:08:41.030","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer Over-Read/Write. An attacker who can write escape sequences to a kitty terminal (e.g., via a malicious file, SSH login banner, or piped content) can supply crafted x_offset/y_offset values that pass the bounds check after wrapping but cause massive out-of-bounds heap memory access in compose_rectangles(). No user interaction is required. No non-default configuration is required. The attacker only needs the ability to produce output in a kitty terminal window. This issue has been fixed in version 0.47.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.3}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/kovidgoyal/kitty/commit/e9661f0f3afb4e4dbffa509adfb3df3c9780ad34","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/kitty/security/advisories/GHSA-qfgm-2c64-6x3x","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/kitty/security/advisories/GHSA-qfgm-2c64-6x3x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},
{"cve":{"id":"CVE-2026-34154","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T19:16:49.660","lastModified":"2026-05-19T21:08:41.030","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a  vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-pjgj-7mjq-6j7g","source":"security-advisories@github.com"}]}},
{"cve":{"id":"CVE-2026-41470","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T19:16:50.440","lastModified":"2026-05-19T21:08:41.030","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP connection without authentication, causing server crashes through virtual function call errors or disrupting active streams by terminating victim sessions."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://download.live555.com/","source":"disclosure@vulncheck.com"},{"url":"https://gist.github.com/yhcho0405/ee9b67a96808ef19f22e8a4ee88c795f","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/live555-rtsp-server-authorization-bypass-via-session-token","source":"disclosure@vulncheck.com"}]}},
{"cve":{"id":"CVE-2026-8073","sourceIdentifier":"security@wordfence.com","published":"2026-05-19T19:16:51.577","lastModified":"2026-05-19T21:00:47.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for unauthenticated attackers to read and delete arbitrary files limited in the WordPress uploads base directory."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.1/includes/API.php#L60","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3535640/kirki/trunk/includes/API.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b073edd0-3f40-423e-976e-996b29caf66e?source=cve","source":"security@wordfence.com"}]}},
{"cve":{"id":"CVE-2026-8096","sourceIdentifier":"security@wordfence.com","published":"2026-05-19T19:16:51.743","lastModified":"2026-05-19T21:00:47.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to view all Kirki frontend forms and read stored visitor form submission data, including contact details, messages, and any other visitor-provided information submitted through site forms."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/includes/Ajax.php#L675","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3535640/kirki","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a4414b1-6a49-42f8-9927-93763d1502ce?source=cve","source":"security@wordfence.com"}]}},
{"cve":{"id":"CVE-2026-8370","sourceIdentifier":"vuln@ca.com","published":"2026-05-19T19:16:51.903","lastModified":"2026-05-19T21:01:06.970","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: < 24.4.4 HF1."}],"metrics":{"cvssMetricV40":[{"source":"vuln@ca.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vuln@ca.com","type":"Secondary","description":[{"lang":"en","value":"CWE-250"}]}],"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512","source":"vuln@ca.com"}]}},
{"cve":{"id":"CVE-2026-27173","sourceIdentifier":"security@apache.org","published":"2026-05-19T20:16:17.440","lastModified":"2026-05-19T21:16:41.920","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-538"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/60108","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/pk3m2z4s2rkmc0v6gh9hnch9spc6stqw","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/35","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},
{"cve":{"id":"CVE-2026-42526","sourceIdentifier":"security@apache.org","published":"2026-05-19T20:16:19.163","lastModified":"2026-05-19T21:16:43.000","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `\"my_team/conn\"`) to the same path as another team's team-scoped secret when the caller had no team context. A privileged caller without team context could therefore retrieve another team's secret by crafting a colliding `conn_id`. Fixed in 9.28.0 by switching the team-scope separator to `--` and rejecting team-shaped `conn_id`s when team context is absent. Affects the experimental multi-tenant teams feature only. Users are recommended to upgrade to `apache-airflow-providers-amazon` 9.28.0, which fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/65703","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/0092sz5g520d3qqjb01wd61myqlgjtyn","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/36","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}