{"resultsPerPage":356,"startIndex":0,"totalResults":356,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-21T21:06:42.044","vulnerabilities":[{"cve":{"id":"CVE-2023-46136","sourceIdentifier":"security-advisories@github.com","published":"2023-10-25T18:17:36.753","lastModified":"2026-05-20T23:16:34.553","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1 and 2.3.8."},{"lang":"es","value":"Werkzeug es una librería completa de aplicaciones web WSGI. Si se carga un archivo que comienza con CR o LF y luego va seguido de megabytes de datos sin estos caracteres: todos estos bytes se agregan fragmento a fragmento en una matriz de bytes interna y la búsqueda de los límites se realiza en un búfer en crecimiento. Esto permite a un atacante provocar una denegación de servicio enviando datos multiparte manipulados a un endpoint que los analizará. La cantidad de tiempo de CPU necesaria puede impedir que los procesos de trabajo manejen solicitudes legítimas. 
Esta vulnerabilidad ha sido parcheada en la versión 3.0.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-407"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.8","matchCriteriaId":"F6578217-312C-44C5-851E-7F6FC6C0F8C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:palletsprojects:werkzeug:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3ECAF2F0-90D0-4564-93A5-0EAE8B317123"}]}]}],"references":[{"url":"https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw","source":"security-advisories@github.com","tags":["Vendor 
Advisory"]},{"url":"https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231124-0008/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5807","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-10-27T13:15:08.387","lastModified":"2026-05-20T14:16:34.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.\n\nThis issue affects Education Portal: before 3.2023.29."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en TRtek Software Education Portal permite la inyección SQL. 
Este problema afecta al Portal educativo: antes de 3.2023.29."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trteksolutions:education_portal:*:*:*:*:*:*:*:*","versionEndExcluding":"2023-03-29","matchCriteriaId":"43E301D9-99FB-4EB3-9B2F-24FB8B1FCFE2"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0608","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0608","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0608","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5921","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-22T09:15:07.690","lastModified":"2026-05-20T14:16:34.333","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Enforcement of Behavioral Workflow vulnerability in 
DECE Software Geodi allows Functionality Bypass.\n\nThis issue affects Geodi: before 8.0.0.27396."},{"lang":"es","value":"La aplicación inadecuada de la vulnerabilidad del flujo de trabajo conductual en el software DECE Geodi permite la omisión de funcionalidad. Este problema afecta a Geodi: antes de 8.0.0.27396."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-841"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:decesoftware:geodi:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0.27396","matchCriteriaId":"67D33BAA-FCF4-412B-A8FF-7E62F7D5A13A"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0650","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0650","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0650","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-6011","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-22T09:15:07.927","lastModified":"2026-05-20T14:16:34.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.\n\nThis issue affects Geodi: before 8.0.0.27396."},{"lang":"es","value":"La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en el software DECE Geodi permite almacenar XSS. Este problema afecta a Geodi: versiones anteriores a 8.0.0.27396."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dece:geodi:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0.27396","matchCriteriaId":"6153DD6B-3A60-49BE-B0D7-BA04739EBB58"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0650","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0650","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0650","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-5983","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-22T12:15:22.777","lastModified":"2026-05-20T14:16:34.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Pharmacy Automation: before 2.1.133.0."},{"lang":"es","value":"La exposición de información confidencial a una vulnerabilidad de actor no autorizado en Botanik Software Pharmacy Automation permite recuperar datos confidenciales incrustados. Este problema afecta a Pharmacy Automation: antes de 2.1.133.0."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:botanikyazilim:pharmacy_automation:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.133.0","matchCriteriaId":"CFA2AD8F-0F17-492E-A498-61E996ABE56F"}]}]}],"re
ferences":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0652","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0652","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0652","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6118","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-23T15:15:10.583","lastModified":"2026-05-20T14:16:35.077","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.\n\nThis issue affects IP Camera: before b1130.1.0.1."},{"lang":"es","value":": Path Traversal: la vulnerabilidad '/../filedir' en Neutron IP Camera permite un Absolute Path Traversal. Este problema afecta a IP Camera: anterior a b1130.1.0.1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-25"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipb210-28_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"E9E17F5B-4BCD-4B73-B75E-E2DF2A881568"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipb210-28:-:*:*:*
:*:*:*:*","matchCriteriaId":"02E29DB6-831D-4D32-9977-377505D7154E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-pt-06wod-3mp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"DD8EB50E-AB61-4164-A64B-767D88C11178"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-pt-06wod-3mp:-:*:*:*:*:*:*:*","matchCriteriaId":"CC3FB86D-1E37-4DB8-8CC8-B3EF9D222118"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipb410-28_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"B08ECB23-FD9F-4349-BC23-C60DCB1C492C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipb410-28:-:*:*:*:*:*:*:*","matchCriteriaId":"7A10018A-43D9-4D2E-A9AC-550C5D7D6E13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-bc-01w_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"8CE3F378-9281-42E3-BB9C-EE65F625C0D6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-bc-01w:-:*:*:*:*:*:*:*","matchCriteriaId":"4D2D9338-5E7C-4519-BDE1-6B827D2CB55F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipbm211_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"BA541A95-FAF0-4E97-B795-E9F295EB8781"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipbm211:-:*:*:*:*:*:*:*","matchCriteriaId":"8C0D0159-2A14-421E-894F-7E3A5159274E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-pt-09-wos-3mp_firmware:*:*:*:*:*:*:*
:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"9C7F2C36-C14D-4DFA-8E32-BBCA1B9F7020"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-pt-09-wos-3mp:-:*:*:*:*:*:*:*","matchCriteriaId":"D14FDBEB-6F79-4788-8720-BFFEEDA2E05D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipbm411_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"79C1B425-92A1-40F2-B855-D462102E50B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipbm411:-:*:*:*:*:*:*:*","matchCriteriaId":"5E8F3B75-97FE-4456-9D37-327283CAEEF1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-pt-10-4gwos-3mp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"24AE955A-C6FC-4000-812B-84438C0F4832"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-pt-10-4gwos-3mp:-:*:*:*:*:*:*:*","matchCriteriaId":"24CF1DB2-9D3E-40EE-A640-BD70EF9C67C0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ipc2224-sr3-npf-36_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"C0A6911A-BC7D-426F-A0A1-DCE8DFB6E472"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ipc2224-sr3-npf-36:-:*:*:*:*:*:*:*","matchCriteriaId":"597EAF61-E256-4E2B-9E3B-EA8CDCFE2623"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ipc2624-sr3-npf-36_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"1C49227E-A9B1-4F80-BA1A-8F1FDF257A46"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ipc2624
-sr3-npf-36:-:*:*:*:*:*:*:*","matchCriteriaId":"51A15202-CCFD-46C8-86E2-CCD68EADAAC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-bc-03-snm_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"BC42EE6D-2F7B-4B95-99AA-7EAB593E795E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-bc-03-snm:-:*:*:*:*:*:*:*","matchCriteriaId":"99011562-59ED-45D1-AFFE-D19BD1B74DB8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-bc-03-snp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"786836E4-7A57-464E-94B9-1F6F4F8C159F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-bc-03-snp:-:*:*:*:*:*:*:*","matchCriteriaId":"E2EA5604-EF9F-4FF7-AA8D-38C626DB1B3B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipd220-28_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"27FD6535-5A60-4AFB-BB3C-8A7AA6A88CB6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipd220-28:-:*:*:*:*:*:*:*","matchCriteriaId":"113B05D6-6263-4379-80EA-40E5B95468A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-bc01-m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"B81FB586-9DE5-4108-A213-6C969E8BB8E9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-bc01-m:-:*:*:*:*:*:*:*","matchCriteriaId":"EA533B42-E832-4817-BC68-530DBA778EED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipdm221_firmware:*:
*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"BE3208EB-EC1B-4CC2-8044-52F003719112"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipdm221:-:*:*:*:*:*:*:*","matchCriteriaId":"8749B6F5-5E72-41C5-93A5-024E61C2FECB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:neu-ipdm421_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"6D28A715-523B-4B4D-82EA-57D99BB39245"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:neu-ipdm421:-:*:*:*:*:*:*:*","matchCriteriaId":"268747DD-EE4A-4379-B8D7-792CDFF0FE47"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:neutron:ntl-ip05-3mp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"b1130.1.0.1","matchCriteriaId":"1D10738A-B998-48F6-9DE7-B38D011986E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:neutron:ntl-ip05-3mp:-:*:*:*:*:*:*:*","matchCriteriaId":"2DEE39BB-5792-4807-908C-5CDB086F5A4F"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0658","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0658","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0658","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6150","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-28T10:15:07.397","lastModified":"2026-05-20T14:16:35.493","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.\n\nThis issue affects e-municipality module: before v.105."},{"lang":"es","value":"Una 
vulnerabilidad de gestión de privilegios inadecuada en el módulo de e-municipality ESKOM Computer permite recopilar datos proporcionados por los usuarios. Este problema afecta al módulo de e-municipality: anterior a v.105."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eskom:e-belediye:*:*:*:*:*:*:*:*","versionEndExcluding":"105","matchCriteriaId":"E8A616C3-ECA8-4D72-8279-08835A3704FE"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0664","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0664","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0664","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-6151","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-28T10:15:07.610","lastModified":"2026-05-20T14:16:35.623","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.\n\nThis issue affects e-municipality module: before v.105."},{"lang":"es","value":"Una vulnerabilidad de gestión de privilegios inadecuada en el módulo de e-municipality ESKOM Computer permite recopilar datos proporcionados por los usuarios. Este problema afecta al módulo de e-municipality: anterior a v.105."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eskom:e-belediye:*:*:*:*:*:*:*:*","versionEndExcluding":"105","matchCriteriaId":"E8A616C3-ECA8-4D72-8279-08835A3704FE"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/det
ay/tr-23-0664","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0664","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0664","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6201","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-11-28T12:15:07.443","lastModified":"2026-05-20T12:16:19.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.\n\nThis issue affects Panorama: before 8.0."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en Univera Computer System Panorama permite la inyección de comando. Este problema afecta a Panorama: versiones anteriores a 
8.0."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:univera:panorama:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0","matchCriteriaId":"AE8CA235-8CB3-4DFC-9B3B-A84546BACA8F"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0665","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0665","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0665","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5636","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-01T14:15:08.393","lastModified":"2026-05-20T16:16:22.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.\n\nThis issue affects 
Education Portal: before v1.1."},{"lang":"es","value":"La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ArslanSoft Education Portal permite la inyección de comandos. Este problema afecta a Education Portal: versiones anteriores a v1.1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1","matchCriteriaId":"6A728C5C-53FC-4DD9-90D6-25FE3D3162CB"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0670","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0670","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0670","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5637","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-01T14:15:08.607","lastModified":"2026-05-20T16:16:23.513","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.\n\nThis issue affects Education Portal: before v1.1."},{"lang":"es","value":"La carga sin restricciones de 
archivos con vulnerabilidad de tipo peligroso en ArslanSoft Education Portal permite leer cadenas confidenciales dentro de un ejecutable. Este problema afecta a Education Portal: versiones anteriores a v1.1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arslansoft_education_portal_project:arslansoft_education_portal:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1","matchCriteriaId":"6A728C5C-53FC-4DD9-90D6-25FE3D3162CB"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0670","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0670","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0670","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5988","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-21T10:15:37.383","lastModified":"2026-05-20T14:16:34.587","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS.\n\nThis issue affects LioXERP: before v.146."},{"lang":"es","value":"Una vulnerabilidad de neutralización incorrecta de la entrada durante la 
generación de páginas web ('Cross-site Scripting') en Uyumsoft Information System and Technologies LioXERP permite XSS reflejado. Este problema afecta a LioXERP: versiones anteriores a v.146."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uyumsoft:lioxerp:*:*:*:*:*:*:*:*","versionEndExcluding":"0.146","matchCriteriaId":"1BC0DF9A-486E-4440-8E1D-EBCAA8A5334A"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0721","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0721","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0721","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5989","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-21T10:15:37.990","lastModified":"2026-05-20T14:16:34.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS.\n\n\n\nThis issue affects LioXERP: before v.146."},{"lang":"es","value":"Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas 
web ('Cross-site Scripting') en Uyumsoft Information System and Technologies LioXERP permite almacenar XSS. Este problema afecta a LioXERP: versiones anteriores a v.146."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uyumsoft:lioxerp:*:*:*:*:*:*:*:*","versionEndExcluding":"0.146","matchCriteriaId":"1BC0DF9A-486E-4440-8E1D-EBCAA8A5334A"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0721","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0721","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0721","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-6122","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-21T14:15:09.063","lastModified":"2026-05-20T14:16:35.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS.\n\nThis issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023."},{"lang":"es","value":"Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Estambul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı permite XSS reflejado. Este problema afecta a Softomi Gelişmiş C2C Pazaryeri Yazılımı: antes de 12122023."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softomi:advanced_c2c_marketplace_software:*:*:*:*:*:*:*:*","versionEndExcluding":"12122023","matchCriteriaId":"EA3F76C0-04DF-41F2-AFAA-9C5C9134BF76"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0724","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0724","source":"iletisim@usom.gov.tr","tags":["Third Party 
Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0724","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6145","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-21T14:15:09.430","lastModified":"2026-05-20T14:16:35.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection.\n\nThis issue affects Softomi Advanced C2C Marketplace Software: before 12122023."},{"lang":"es","value":"La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en Estambul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software permite la inyección SQL. Este problema afecta a Softomi Advanced C2C Marketplace Software: antes de 
12122023."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softomi:advanced_c2c_marketplace_software:*:*:*:*:*:*:*:*","versionEndExcluding":"12122023","matchCriteriaId":"EA3F76C0-04DF-41F2-AFAA-9C5C9134BF76"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0724","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0724","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0724","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6190","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-12-27T15:15:45.900","lastModified":"2026-05-20T12:16:19.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.\n\nThis issue affects University Information Management System: before 30.11.2023."},{"lang":"es","value":"Vulnerabilidad de validación de entrada incorrecta en İzmir Katip Çelebi University University Information Management System permite un path traversal. 
Este problema afecta a University Information Management System: antes del 30.11.2023."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ikcu:university_information_management_system:*:*:*:*:*:*:*:*","versionEndExcluding":"30.11.2023","matchCriteriaId":"FB9D24F2-B97F-4FEA-828C-E20D8036D5E5"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0736","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0736","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0736","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-6436","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-01-02T13:15:08.930","lastModified":"2026-05-20T12:16:20.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.\n\nThis issue affects Website Template: through 20231215."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en Ekol Informatics Website Template permite la inyección de SQL. Este problema afecta a Website Template: hasta 20231215."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ekolbilisim:web_sablonu_yazilimi:*:*:*:*:*:*:*:*","versionEndIncluding":"20231215","matchCriteriaId":"D95E015B-13FA-40D2-B95F-4FE7CF7B6ABD"}]}]}],"refe
rences":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0001","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0001","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5806","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-01-18T13:15:08.770","lastModified":"2026-05-20T16:16:23.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.\n\nThis issue affects Quality Management System: before v1.2."},{"lang":"es","value":"La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyección SQL\") en Mergen Software Quality Management System permite la inyección SQL. 
Este problema afecta a Quality Management System: anterior a v1.2."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mergentech:quality_management_system:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2","matchCriteriaId":"1B81EAFE-EDE8-43A9-B6B1-D9972632C0F5"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0040","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0040","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0040","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4993","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-02-15T16:15:45.643","lastModified":"2026-05-20T12:16:18.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.\n\nThis issue affects SoliPay Mobile App: before 5.0.8."},{"lang":"es","value":"Vulnerabilidad de gestión de privilegios inadecuada en la aplicación móvil SoliPay de Utarit Information Technologies permite recopilar datos proporcionados por los usuarios. 
Este problema afecta a la aplicación móvil SoliPay: versiones anteriores a 5.0.8."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:utarit:solipay_mobile:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"959D95E5-61A9-4A28-8785-63580837107E"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0104","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0104","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-5155","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-02-15T16:15:45.910","lastModified":"2026-05-20T12:16:19.237","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.\n\nThis issue affects SoliPay Mobile App: before 5.0.8."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en Utarit 
Information Technologies SoliPay Mobile App permite la inyección SQL. Este problema afecta a SoliPay Mobile App: versiones anteriores a 5.0.8."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:utarit:solipay_mobile:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"959D95E5-61A9-4A28-8785-63580837107E"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0104","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0104","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6255","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-02-15T16:15:46.117","lastModified":"2026-05-20T12:16:20.110","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.\n\nThis issue affects SoliPay Mobile App: before 5.0.8."},{"lang":"es","value":"El uso de vulnerabilidad de credenciales codificadas en la aplicación móvil SoliPay de Utarit Information Technologies permite leer cadenas confidenciales dentro de un ejecutable. 
Este problema afecta a SoliPay Mobile App: versiones anteriores a 5.0.8."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:utarit:solipay_mobile:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"959D95E5-61A9-4A28-8785-63580837107E"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0104","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0104","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6173","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-03-27T12:15:08.370","lastModified":"2026-05-20T12:16:19.510","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.\n\nThis issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyección SQL\") en el software TeoSOFT TeoBASE permite la inyección SQL. 
Este problema afecta a TeoBASE: hasta 27032024. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera ."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0238","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0238","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0238","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-6153","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-03-27T13:15:46.503","lastModified":"2026-05-20T12:16:19.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.\n\nThis issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Vulnerabilidad de omisión de autenticación por debilidad primaria en el software TeoSOFT TeoBASE permite la omisión de autenticación. Este problema afecta a TeoBASE: hasta 20240327. 
NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0238","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0238","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0238","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-6437","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-03-28T14:15:13.600","lastModified":"2026-05-20T12:16:20.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.\n\nThis issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. 
Also  the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported."},{"lang":"es","value":"Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP -Link VX220-G2u, TP-Link VN020-G2u permite la inyección de comandos del sistema operativo autenticado. Este problema afecta a TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3: hasta 20240328 Además, la vulnerabilidad continúa en los modelos TP-Link VX220-G2u y TP-Link VN020-G2u debido a que los productos no se fabrican ni reciben soporte."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0244","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0244","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0244","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-6047","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-03-29T12:15:07.570","lastModified":"2026-05-20T14:16:34.950","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation 
('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.\n\nThis issue affects E-commerce Software: before 3.9.2."},{"lang":"es","value":"La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en el software de comercio electrónico Algoritim permite el XSS reflejado. Este problema afecta al software de comercio electrónico: antes de 3.9.2."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:algoritimbilisim:e-commerce_software:*:*:*:*:*:*:*:*","versionEndExcluding":"3.9.2","matchCriteriaId":"B2D85945-1413-41C8-BEB9-907FCC4646A9"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0252","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0252","source":"iletisim@usom.gov.tr","tags":["Third Party 
Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0252","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-6191","sourceIdentifier":"iletisim@usom.gov.tr","published":"2024-03-29T12:15:07.907","lastModified":"2026-05-20T12:16:19.803","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection.\n\nThis issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Egehan Security WebPDKS permite la inyección SQL. Este problema afecta a WebPDKS: hasta 20240329. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna 
manera."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webpdks:webpdks:-:*:*:*:*:*:*:*","matchCriteriaId":"3742DBF3-034C-40DA-839F-680B5A6B3928"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0253","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0253","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-24-0253","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-56007","sourceIdentifier":"cve@mitre.org","published":"2025-10-23T15:15:39.097","lastModified":"2026-05-20T20:16:33.837","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CRLF-injection in KeeneticOS before 4.3 at \"/auth\" API endpoint allows attackers 
to take over the device via adding additional users with full permissions by managing the victim to open page with exploit."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:keenetic:keeneticos:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3","matchCriteriaId":"31463ACE-A8BB-4E5D-AA71-1BC479DE8AA4"}]}]}],"references":[{"url":"https://github.com/notdenied/writeups/blob/main/CVE/CVE-2025-56007.md","source":"cve@mitre.org"},{"url":"https://keenetic.com/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://keenetic.com/global/security#october-2025-web-api-vulnerabilities","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-56008","sourceIdentifier":"cve@mitre.org","published":"2025-10-23T15:15:39.213","lastModified":"2026-05-20T20:16:35.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at \"Wireless ISP\" page allows attackers located near to the router to takeover the device via adding additional users with full 
permissions."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:keenetic:keeneticos:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3","matchCriteriaId":"31463ACE-A8BB-4E5D-AA71-1BC479DE8AA4"}]}]}],"references":[{"url":"https://github.com/notdenied/writeups/blob/main/CVE/CVE-2025-56008.md","source":"cve@mitre.org"},{"url":"https://keenetic.com/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://keenetic.com/global/security#october-2025-web-api-vulnerabilities","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-56009","sourceIdentifier":"cve@mitre.org","published":"2025-10-23T15:15:39.347","lastModified":"2026-05-20T20:16:35.300","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at \"/rci\" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with 
exploit."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:keenetic:keeneticos:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3","matchCriteriaId":"31463ACE-A8BB-4E5D-AA71-1BC479DE8AA4"}]}]}],"references":[{"url":"https://github.com/notdenied/writeups/blob/main/CVE/CVE-2025-56009.md","source":"cve@mitre.org"},{"url":"https://keenetic.com/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://keenetic.com/global/security#october-2025-web-api-vulnerabilities","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-61662","sourceIdentifier":"secalert@redhat.com","published":"2025-11-18T19:15:50.203","lastModified":"2026-05-20T17:16:18.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. 
Possible data integrity or confidentiality compromise is not discarded."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*","versionEndIncluding":"2.14","matchCriteriaId":"AD17D113-F170-45B5-A01F-109481F561EB"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:10097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14773","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15087","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4648","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4649","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4652","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errat
a/RHSA-2026:4653","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4654","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4760","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4822","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4823","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4830","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4900","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:4998","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5074","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5127","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5233","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:6492","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7239","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7243","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-61662","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414683","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2025/11/18/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]}]}},{"cve":{"id":"CVE-2025-14010","sourceIdentifier":"secalert@redhat.com","published":"2025-12-04T10:16:00.810","lastModified":"2026-05-20T13:16:15.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in 
ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:community.general:-:*:*:*:*:*:*:*","matchCriteriaId":"FFB54908-462D-4CE6-9AB2-56997B0EFB79"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-14010","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418774","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor 
Advisory"]},{"url":"https://github.com/ansible-collections/community.general/issues/11000","source":"secalert@redhat.com"},{"url":"https://github.com/ansible-collections/community.general/pull/11005","source":"secalert@redhat.com"},{"url":"https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes","source":"secalert@redhat.com"},{"url":"https://github.com/ansible-collections/community.general/issues/11000","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-23239","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-10T18:18:13.383","lastModified":"2026-05-20T19:27:54.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: Fix race condition in espintcp_close()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_work_sync() is called from espintcp_close(),\nespintcp_tx_work() can still be scheduled from paths such as\nthe Delayed ACK handler or ksoftirqd.\nAs a result, the espintcp_tx_work() worker may dereference a\nfreed espintcp ctx or sk.\n\nThe following is a simple race scenario:\n\n           cpu0                             cpu1\n\n  espintcp_close()\n    cancel_work_sync(&ctx->work);\n                                     espintcp_write_space()\n                                       schedule_work(&ctx->work);\n\nTo prevent this race condition, cancel_work_sync() is\nreplaced with disable_work_sync()."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nespintcp: Corrección de condición de carrera en espintcp_close()\n\nEste problema fue descubierto durante una auditoría de código.\n\nDespués de que se llama a cancel_work_sync() desde espintcp_close(), espintcp_tx_work() aún puede ser programado desde rutas como el gestor de ACK Retrasado o ksoftirqd.\nComo resultado, el trabajador espintcp_tx_work() puede 
desreferenciar un ctx o sk de espintcp liberado.\n\nEl siguiente es un escenario de condición de carrera simple:\n\n           cpu0                             cpu1\n\n  espintcp_close()\n    cancel_work_sync(&amp;ctx-&gt;work);\n                                     espintcp_write_space()\n                                       schedule_work(&amp;ctx-&gt;work);\n\nPara prevenir esta condición de carrera, cancel_work_sync() es reemplazado por disable_work_sync()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.12.75","matchCriteriaId":"168F1117-B247-4CC5-B097-132EE9E96FDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d
67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23240","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-10T18:18:13.533","lastModified":"2026-05-20T19:30:38.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Fix race condition in tls_sw_cancel_work_tx()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_delayed_work_sync() is called from tls_sk_proto_close(),\ntx_work_handler() can still be scheduled from paths such as the\nDelayed ACK handler or ksoftirqd.\nAs a result, the tx_work_handler() worker may dereference a freed\nTLS object.\n\nThe following is a simple race scenario:\n\n          cpu0                         cpu1\n\ntls_sk_proto_close()\n  tls_sw_cancel_work_tx()\n                                 tls_write_space()\n                                   tls_sw_write_space()\n                                     if (!test_and_set_bit(BIT_TX_SCHEDULED, &tx_ctx->tx_bitmask))\n    set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask);\n    cancel_delayed_work_sync(&ctx->tx_work.work);\n                                     schedule_delayed_work(&tx_ctx->tx_work.work, 0);\n\nTo prevent this race condition, cancel_delayed_work_sync() is\nreplaced with disable_delayed_work_sync()."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ntls: Corrección de condición de carrera en tls_sw_cancel_work_tx()\n\nEste problema fue descubierto durante una 
auditoría de código.\n\nDespués de que se llama a cancel_delayed_work_sync() desde tls_sk_proto_close(), tx_work_handler() aún puede ser programado desde rutas como el gestor de ACK Retrasado o ksoftirqd. Como resultado, el trabajador tx_work_handler() puede desreferenciar un objeto TLS liberado.\n\nEl siguiente es un escenario de condición de carrera simple:\n\n          cpu0                         cpu1\n\ntls_sk_proto_close()\n  tls_sw_cancel_work_tx()\n                                 tls_write_space()\n                                   tls_sw_write_space()\n                                     if (!test_and_set_bit(BIT_TX_SCHEDULED, &amp;tx_ctx-&gt;tx_bitmask))\n    set_bit(BIT_TX_SCHEDULED, &amp;ctx-&gt;tx_bitmask);\n    cancel_delayed_work_sync(&amp;ctx-&gt;tx_work.work);\n                                     schedule_delayed_work(&amp;tx_ctx-&gt;tx_work.work, 0);\n\nPara prevenir esta condición de carrera, cancel_delayed_work_sync() es reemplazado por disable_delayed_work_sync()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.1","versionEndExcluding":"6.12.75","matchCriteriaId":"2CD7FB69-6705-47EA-9F0D-65B1E859F71E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.
18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:-:*:*:*:*:*:*","matchCriteriaId":"D036D76E-AC69-4382-B4C1-8EDA1ABB2941"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:rc4:*:*:*:*:*:*","matchCriteriaId":"EBAE804E-3CC3-44C2-B1F5-2DC3EE4FF793"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:rc5:*:*:*:*:*:*","matchCriteriaId":"8721379D-C6BC-43BF-8098-396F32182BEF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:rc6:*:*:*:*:*:*","matchCriteriaId":"65AF2469-2B9F-4D4D-8886-2B8BA66D5FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:rc7:*:*:*:*:*:*","matchCriteriaId":"21001886-2C34-45F4-9319-60102B357E64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:rc8:*:*:*:*:*:*","matchCriteriaId":"999345BA-F820-40B9-A711-32CA9265C289"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17153f154f80be2b47ebf52840f2d8f724eb2f3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7bb09315f93dce6acc54bf59e5a95ba7365c2be4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/854cd32bc74fe573353095e90958490e4e4d641b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5de36d6cee74a92c1a21b260bc507e64bc451de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-4111","sourceIdentifier":"secalert@redhat.com","published":"2026-03-13T19:55:13.917","lastModified":"2026-05-20T17:16:26.510","vul
nStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."},{"lang":"es","value":"Se identificó una vulnerabilidad en la lógica de descompresión de archivos RAR5 de la biblioteca libarchive, específicamente dentro de la ruta de procesamiento de archive_read_data(). Cuando se procesa un archivo RAR5 especialmente manipulado, la rutina de descompresión puede entrar en un estado en el que la lógica interna impide el avance. Esta condición resulta en un bucle infinito que consume continuamente recursos de CPU. Debido a que el archivo pasa la validación de suma de verificación y parece estructuralmente válido, las aplicaciones afectadas no pueden detectar el problema antes del procesamiento. 
Esto puede permitir a los atacantes causar condiciones persistentes de denegación de servicio en servicios que procesan archivos automáticamente."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:10065","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:10081","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:10097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14773","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15087","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:16008","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:16009","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:16174","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5063","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5080","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:6647","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7093","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7105","source":"secalert@redhat.com"},{"url
":"https://access.redhat.com/errata/RHSA-2026:7106","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7239","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7329","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7335","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8423","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8746","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8747","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8748","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8865","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:8944","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:9832","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4111","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446453","source":"secalert@redhat.com"},{"url":"https://github.com/libarchive/libarchive/pull/2877","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-71239","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-17T10:15:59.010","lastModified":"2026-05-20T19:47:56.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add fchmodat2() to change attributes class\n\nfchmodat2(), introduced in version 6.6 is currently not in the change\nattribute class of audit. 
Calling fchmodat2() to change a file\nattribute in the same fashion than chmod() or fchmodat() will bypass\naudit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds fchmodat2() to the change attributes class."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\naudit: añadir fchmodat2() a la clase de cambio de atributos\n\nfchmodat2(), introducido en la versión 6.6, actualmente no está en la clase de cambio de atributos de audit. Llamar a fchmodat2() para cambiar un atributo de archivo de la misma manera que chmod() o fchmodat() eludirá las reglas de audit como:\n\n-w /tmp/test -p rwa -k test_rwa\n\nEl parche actual añade fchmodat2() a la clase de cambio de atributos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.128","matchCriteriaId":"C0FD95A9-209E-44A8-8F1D-1EB130F75861"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"cri
teria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://www.bencteux.fr/posts/missing_syscalls_audit/","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-23241","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-17T10:16:00.127","lastModified":"2026-05-20T19:45:27.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add missing syscalls to read class\n\nThe \"at\" variant of getxattr() and listxattr() are missing from the\naudit read class. 
Calling getxattrat() or listxattrat() on a file to\nread its extended attributes will bypass audit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds missing syscalls to the audit read class."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nauditoría: añadir llamadas al sistema faltantes a la clase de lectura\n\nLa variante 'at' de getxattr() y listxattr() faltan de la clase de lectura de auditoría. Llamar a getxattrat() o listxattrat() en un archivo para leer sus atributos extendidos omitirá las reglas de auditoría tales como:\n\n-w /tmp/test -p rwa -k test_rwa\n\nEl parche actual añade las llamadas al sistema faltantes a la clase de lectura de auditoría."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad37505ce869a8100ff23
f24eea117de7a7516bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://www.bencteux.fr/posts/missing_syscalls_audit/","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-71265","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:15.373","lastModified":"2026-05-20T19:43:23.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an attribute header\nindicates an empty run list, while directory entries reference it as\ncontaining actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way\nto represent an empty run list, and run_unpack() correctly handles this by\nchecking if evcn + 1 equals svcn and returning early without parsing any run\ndata. However, this creates a problem when there is metadata inconsistency,\nwhere the attribute header claims to be empty (evcn=-1) but the caller\nexpects to read actual data. When run_unpack() immediately returns success\nupon seeing this condition, it leaves the runs_tree uninitialized with\nrun->runs as a NULL. The calling function attr_load_runs_range() assumes\nthat a successful return means that the runs were loaded and sets clen to 0,\nexpecting the next run_lookup_entry() call to succeed. 
Because runs_tree\nremains uninitialized, run_lookup_entry() continues to fail, and the loop\nincrements vcn by zero (vcn += 0), leading to an infinite loop.\n\nThis patch adds a retry counter to detect when run_lookup_entry() fails\nconsecutively after attr_load_runs_vcn(). If the run is still not found on\nthe second attempt, it indicates corrupted metadata and returns -EINVAL,\npreventing the Denial-of-Service (DoS) vulnerability."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:\n\nfs: ntfs3: solución de bucle infinito en attr_load_runs_range con metadatos inconsistentes\n\nSe encontró un error de bucle infinito en el sistema de archivos ntfs3 que puede conducir a una condición de Denegación de Servicio (DoS).\n\nUna imagen NTFS malformada puede causar un bucle infinito cuando un encabezado de atributo indica una lista de ejecuciones vacía, mientras que las entradas de directorio lo referencian como si contuviera datos reales. En NTFS, establecer evcn=-1 con svcn=0 es una forma válida de representar una lista de ejecuciones vacía, y run_unpack() lo maneja correctamente verificando si evcn + 1 es igual a svcn y retornando anticipadamente sin analizar ningún dato de ejecución. Sin embargo, esto crea un problema cuando hay inconsistencia de metadatos, donde el encabezado del atributo afirma estar vacío (evcn=-1) pero el llamador espera leer datos reales. Cuando run_unpack() retorna éxito inmediatamente al ver esta condición, deja el runs_tree sin inicializar con run-&gt;runs como NULL. La función llamadora attr_load_runs_range() asume que un retorno exitoso significa que las ejecuciones fueron cargadas y establece clen en 0, esperando que la siguiente llamada a run_lookup_entry() tenga éxito. 
Debido a que runs_tree permanece sin inicializar, run_lookup_entry() sigue fallando, y el bucle incrementa vcn en cero (vcn += 0), lo que lleva a un bucle infinito.\n\nEste parche agrega un contador de reintentos para detectar cuándo run_lookup_entry() falla consecutivamente después de attr_load_runs_vcn(). Si la ejecución aún no se encuentra en el segundo intento, indica metadatos corruptos y retorna -EINVAL, previniendo la vulnerabilidad de Denegación de Servicio (DoS)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.202","matchCriteriaId":"B0330CE4-09CE-43EF-A9C8-CD49FFD1DC98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding
":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c3a6e951b9b53dab2ac460a655313cf04c4a10a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4b90f16e4bb5607fb35e7802eb67874038da4640","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f07a590616ff5f57f7c041d98e463fad9e9f763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78b61f7eac37a63284774b147f38dd0be6cad43c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a89bc96d5abd8a4a8d5d911884ea347efcdf460b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af839013c70a24779f9d1afb1575952009312d38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0b43c45d45f59e7faad48675a50231a210c379b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23255","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.687","lastModified":"2026-05-21T00:15:07.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt->dev\nto get device name without any barrier.\n\nAt the same 
time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt->dev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt->dev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: añadir protección RCU adecuada a /proc/net/ptype\n\nYin Fengwei informó de un bloqueo RCU en ptype_seq_show() y proporcionó un parche.\n\nEl problema real es que ptype_seq_next() y ptype_seq_show() violan las reglas RCU.\n\nptype_seq_show() se ejecuta bajo rcu_read_lock(), y lee pt->dev para obtener el nombre del dispositivo sin ninguna barrera.\n\nAl mismo tiempo, los escritores concurrentes pueden eliminar una estructura packet_type (que se libera correctamente después de un período de gracia RCU) y borrar pt->dev sin un período de gracia RCU.\n\nDefinir ptype_iter_state para llevar un puntero dev junto con seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // añadido en este parche\n};\n\nNecesitamos registrar el puntero del dispositivo en ptype_get_idx() y ptype_seq_next() para que ptype_seq_show() esté a salvo de cambios concurrentes en pt->dev.\n\nTambién necesitamos añadir protección RCU completa en ptype_seq_next().\n(Falta READ_ONCE() al leer los valores de list.next)\n\nMuchas gracias a Dong Chenchen por proporcionar una 
reproducción."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"6.6.136","matchCriteriaId":"E2D9D9DF-0F25-43D5-9C6A-4C891E3A29FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:
linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/002a73470b56848e4c81efeaaedd471e92d66d8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/589a530ae44d0c80f523fcfd1a15af8087f27d35","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dcefd3f0b9ed8288654c75254bdcee8e1085e861","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f613e8b4afea0cd17c7168e8b00e25bc8d33175d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23256","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.817","lastModified":"2026-05-21T00:13:21.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been 
resolved:\n\nnet: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nCompile tested only. Issue found using code review."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: liquidio: Corrección de error de uno en la limpieza de VF setup_nic_devices()\n\nEn setup_nic_devices(), el bucle de inicialización salta a la etiqueta setup_nic_dev_free en caso de fallo. El bucle de limpieza actual while(i--) omite el índice i que falla, causando una fuga de memoria.\n\nEsto se corrige cambiando el bucle para que itere desde el índice actual i hasta 0.\n\nSolo probado en compilación. Problema encontrado mediante revisión de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.250","matchCriteriaId":"1B676F61-BFDD-4B02-B8A2-213461368D04"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.200","matchCriteriaId":"D16F6370-B70F-471C-8363-3A17B0BB1DA9"},{"vuln
erable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.163","matchCriteriaId":"E9C856E1-4308-4C0B-A973-7DD375DF66C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.124","matchCriteriaId":"76183B9F-CABE-4E21-A3E3-F0EBF99DC3C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.70","matchCriteriaId":"F3791390-0628-4808-99EF-1ED8ABF60933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01fbca1e93ec3f39f76c31a8f9afa32ce00da
48a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3bf519e39b51cb08a93c0599870b35a23db1031e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4640fa5ad5e1a0dbd1c2d22323b7d70a8107dcfd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52b19b3a22306fe452ec9e8ff96063f4bfb77b99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6cbba46934aefdfb5d171e0a95aec06c24f7ca30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71a56b89203ec7e5670d94a61a9b4ae617eca804","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bd680e56e316be92c01568be98d85d7a6c9bd92c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23257","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.997","lastModified":"2026-05-21T00:11:32.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nAlso, decrement i in the devlink_alloc failure path to point to the\nlast successfully allocated index.\n\nCompile tested only. 
Issue found using code review."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: liquidio: Corrección de error 'off-by-one' en la limpieza de PF setup_nic_devices()\n\nEn setup_nic_devices(), el bucle de inicialización salta a la etiqueta setup_nic_dev_free en caso de fallo. El bucle de limpieza actual while(i--) omite el índice 'i' fallido, causando una fuga de memoria.\n\nEsto se corrige cambiando el bucle para que itere desde el índice actual 'i' hasta 0.\n\nAdemás, se decrementa 'i' en la ruta de fallo de devlink_alloc para que apunte al último índice asignado con éxito.\n\nProbado solo en compilación. Problema encontrado mediante revisión de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.10.250","matchCriteriaId":"DCE60E24-7685-4F61-B0E6-95BC33714EDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.200","matchCriteriaId":"D16F6370-B70F-471C-8363-3A17B0BB1DA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.163","matchCriteriaId":"E9C856E1-4308-4C0B-A973-7DD375DF66C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kerne
l:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.124","matchCriteriaId":"76183B9F-CABE-4E21-A3E3-F0EBF99DC3C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.70","matchCriteriaId":"F3791390-0628-4808-99EF-1ED8ABF60933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/
stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-4775","sourceIdentifier":"secalert@redhat.com","published":"2026-03-24T15:16:39.693","lastModified":"2026-05-20T17:16:27.403","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution."},{"lang":"es","value":"Se encontró un fallo en la biblioteca libtiff. Un atacante remoto podría explotar una vulnerabilidad de desbordamiento de entero con signo en la función putcontig8bitYCbCr44tile al proporcionar un archivo TIFF especialmente diseñado. 
Este fallo puede llevar a una escritura fuera de límites en el heap debido a cálculos incorrectos del puntero de memoria, potencialmente causando una denegación de servicio (caída de la aplicación) o ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD25C1-A304-486F-A36B-7167EEF33388"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD
006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:12265","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:12271","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14929","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:16055","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19150","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19363","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19585","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19586","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19604","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19608","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19609","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19657","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19659","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19702","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4775","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450768","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-32846","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-26T17:16:37.640","lastModified":"2026-05-20T20:16:37.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.3.28 contains a 
path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys."},{"lang":"es","value":"OpenClaw hasta 2026.3.23 (corregido en el commit 4797bbc) contiene una vulnerabilidad de salto de ruta en el análisis de medios que permite a los atacantes leer archivos arbitrarios al eludir la validación de rutas en las funciones isLikelyLocalPath() e isValidMedia(). Los atacantes pueden explotar la validación incompleta y el bypass allowBareFilename para hacer referencia a archivos fuera del sandbox de la aplicación previsto, lo que resulta en la divulgación de información sensible, incluyendo archivos del sistema, archivos de entorno y claves SSH."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserIn
teraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndIncluding":"2026.3.23","matchCriteriaId":"BDC86561-C8B9-43D5-8551-23480B7658C9"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/openclaw/openclaw/pull/54642","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r","source":"disclosure@vulncheck.com","tags":["Broken Link"]},{"url":"https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read","source":"disclosure@vulncheck.com","tags":["Third Party 
Advisory"]},{"url":"https://github.com/openclaw/openclaw/pull/54642","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-23448","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:30.863","lastModified":"2026-05-21T00:44:10.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check\n\ncdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE\nentries fit within the skb. The first check correctly accounts for\nndpoffset:\n\n  if ((ndpoffset + sizeof(struct usb_cdc_ncm_ndp16)) > skb_in->len)\n\nbut the second check omits it:\n\n  if ((sizeof(struct usb_cdc_ncm_ndp16) +\n       ret * (sizeof(struct usb_cdc_ncm_dpe16))) > skb_in->len)\n\nThis validates the DPE array size against the total skb length as if\nthe NDP were at offset 0, rather than at ndpoffset. 
When the NDP is\nplaced near the end of the NTB (large wNdpIndex), the DPE entries can\nextend past the skb data buffer even though the check passes.\ncdc_ncm_rx_fixup() then reads out-of-bounds memory when iterating\nthe DPE array.\n\nAdd ndpoffset to the nframes bounds check and use struct_size_t() to\nexpress the NDP-plus-DPE-array size more clearly."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.6.130","matchCriteriaId":"EFE88BB9-3F34-4285-87EF-4D5EF076BBB0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","ma
tchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2aa8a4fa8d5b7d0e1ebcec100e1a4d80a1f4b21a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/403f94ddcb36c552fbef51dea735b131e3dcde8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/789204f980730258c983102c027c375238009c80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dce9dda0e3707e887977db44407989e9ead26611","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1c7701d3ac91b62d672c13690cf295821f0d5c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23449","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:31.037","lastModified":"2026-05-21T00:38:40.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: Fix double-free in teql_master_xmit\n\nWhenever a TEQL device has a lockless Qdisc as root, qdisc_reset should\nbe called using the seq_lock to avoid racing with the datapath. 
Failure\nto do so may cause crashes like the following:\n\n[  238.028993][  T318] BUG: KASAN: double-free in skb_release_data (net/core/skbuff.c:1139)\n[  238.029328][  T318] Free of addr ffff88810c67ec00 by task poc_teql_uaf_ke/318\n[  238.029749][  T318]\n[  238.029900][  T318] CPU: 3 UID: 0 PID: 318 Comm: poc_teql_ke Not tainted 7.0.0-rc3-00149-ge5b31d988a41 #704 PREEMPT(full)\n[  238.029906][  T318] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[  238.029910][  T318] Call Trace:\n[  238.029913][  T318]  <TASK>\n[  238.029916][  T318]  dump_stack_lvl (lib/dump_stack.c:122)\n[  238.029928][  T318]  print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n[  238.029940][  T318]  ? skb_release_data (net/core/skbuff.c:1139)\n[  238.029944][  T318]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n...\n[  238.029957][  T318]  ? skb_release_data (net/core/skbuff.c:1139)\n[  238.029969][  T318]  kasan_report_invalid_free (mm/kasan/report.c:221 mm/kasan/report.c:563)\n[  238.029979][  T318]  ? skb_release_data (net/core/skbuff.c:1139)\n[  238.029989][  T318]  check_slab_allocation (mm/kasan/common.c:231)\n[  238.029995][  T318]  kmem_cache_free (mm/slub.c:2637 (discriminator 1) mm/slub.c:6168 (discriminator 1) mm/slub.c:6298 (discriminator 1))\n[  238.030004][  T318]  skb_release_data (net/core/skbuff.c:1139)\n...\n[  238.030025][  T318]  sk_skb_reason_drop (net/core/skbuff.c:1256)\n[  238.030032][  T318]  pfifo_fast_reset (./include/linux/ptr_ring.h:171 ./include/linux/ptr_ring.h:309 ./include/linux/skb_array.h:98 net/sched/sch_generic.c:827)\n[  238.030039][  T318]  ? 
srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n...\n[  238.030054][  T318]  qdisc_reset (net/sched/sch_generic.c:1034)\n[  238.030062][  T318]  teql_destroy (./include/linux/spinlock.h:395 net/sched/sch_teql.c:157)\n[  238.030071][  T318]  __qdisc_destroy (./include/net/pkt_sched.h:328 net/sched/sch_generic.c:1077)\n[  238.030077][  T318]  qdisc_graft (net/sched/sch_api.c:1062 net/sched/sch_api.c:1053 net/sched/sch_api.c:1159)\n[  238.030089][  T318]  ? __pfx_qdisc_graft (net/sched/sch_api.c:1091)\n[  238.030095][  T318]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[  238.030102][  T318]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[  238.030106][  T318]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[  238.030114][  T318]  tc_get_qdisc (net/sched/sch_api.c:1529 net/sched/sch_api.c:1556)\n...\n[  238.072958][  T318] Allocated by task 303 on cpu 5 at 238.026275s:\n[  238.073392][  T318]  kasan_save_stack (mm/kasan/common.c:58)\n[  238.073884][  T318]  kasan_save_track (mm/kasan/common.c:64 (discriminator 5) mm/kasan/common.c:79 (discriminator 5))\n[  238.074230][  T318]  __kasan_slab_alloc (mm/kasan/common.c:369)\n[  238.074578][  T318]  kmem_cache_alloc_node_noprof (./include/linux/kasan.h:253 mm/slub.c:4542 mm/slub.c:4869 mm/slub.c:4921)\n[  238.076091][  T318]  kmalloc_reserve (net/core/skbuff.c:616 (discriminator 107))\n[  238.076450][  T318]  __alloc_skb (net/core/skbuff.c:713)\n[  238.076834][  T318]  alloc_skb_with_frags (./include/linux/skbuff.h:1383 net/core/skbuff.c:6763)\n[  238.077178][  T318]  sock_alloc_send_pskb (net/core/sock.c:2997)\n[  238.077520][  T318]  packet_sendmsg (net/packet/af_packet.c:2926 net/packet/af_packet.c:3019 net/packet/af_packet.c:3108)\n[  238.081469][  T318]\n[  238.081870][  T318] Freed by task 299 on cpu 1 at 238.028496s:\n[  238.082761][  T318]  kasan_save_stack (mm/kasan/common.c:58)\n[  238.083481][  T318]  kasan_save_track (mm/kasan/common.c:64 (discriminator 5) 
mm/kasan/common.c:79 (discriminator 5))\n[  238.085348][  T318]  kasan_save_free_info (mm/kasan/generic.c:587 (discriminator 1))\n[  238.085900][  T318]  __kasan_slab_free (mm/\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.1.167","matchCriteriaId":"BA473465-299D-4C20-8896-92233DE68147"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"cr
iteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21c89a0a8de7eadad8d385645a95b3233f23130e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a233447b941db451ea5f5a0942cffd0f7f7eaae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e8ebc4c18ea8213d28e6cb867d18fcc67daca21","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/66360460cab63c248ca5b1070a01c0c29133b960","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/afbc79a7770b230a9f24bd39271209d6b3682c5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9c66d3e7d8557b3308e55c613aa07254fe97611","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23450","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:31.243","lastModified":"2026-05-21T00:32:34.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()\n\nSyzkaller reported a panic in smc_tcp_syn_recv_sock() [1].\n\nsmc_tcp_syn_recv_sock() is called in the TCP receive path\n(softirq) via icsk_af_ops->syn_recv_sock on the clcsock (TCP\nlistening socket). It reads sk_user_data to get the smc_sock\npointer. 
However, when the SMC listen socket is being closed\nconcurrently, smc_close_active() sets clcsock->sk_user_data\nto NULL under sk_callback_lock, and then the smc_sock itself\ncan be freed via sock_put() in smc_release().\n\nThis leads to two issues:\n\n1) NULL pointer dereference: sk_user_data is NULL when\n   accessed.\n2) Use-after-free: sk_user_data is read as non-NULL, but the\n   smc_sock is freed before its fields (e.g., queued_smc_hs,\n   ori_af_ops) are accessed.\n\nThe race window looks like this (the syzkaller crash [1]\ntriggers via the SYN cookie path: tcp_get_cookie_sock() ->\nsmc_tcp_syn_recv_sock(), but the normal tcp_check_req() path\nhas the same race):\n\n  CPU A (softirq)              CPU B (process ctx)\n\n  tcp_v4_rcv()\n    TCP_NEW_SYN_RECV:\n    sk = req->rsk_listener\n    sock_hold(sk)\n    /* No lock on listener */\n                               smc_close_active():\n                                 write_lock_bh(cb_lock)\n                                 sk_user_data = NULL\n                                 write_unlock_bh(cb_lock)\n                                 ...\n                                 smc_clcsock_release()\n                                 sock_put(smc->sk) x2\n                                   -> smc_sock freed!\n    tcp_check_req()\n      smc_tcp_syn_recv_sock():\n        smc = user_data(sk)\n          -> NULL or dangling\n        smc->queued_smc_hs\n          -> crash!\n\nNote that the clcsock and smc_sock are two independent objects\nwith separate refcounts. TCP stack holds a reference on the\nclcsock, which keeps it alive, but this does NOT prevent the\nsmc_sock from being freed.\n\nFix this by using RCU and refcount_inc_not_zero() to safely\naccess smc_sock. Since smc_tcp_syn_recv_sock() is called in\nthe TCP three-way handshake path, taking read_lock_bh on\nsk_callback_lock is too heavy and would not survive a SYN\nflood attack. 
Using rcu_read_lock() is much more lightweight.\n\n- Set SOCK_RCU_FREE on the SMC listen socket so that\n  smc_sock freeing is deferred until after the RCU grace\n  period. This guarantees the memory is still valid when\n  accessed inside rcu_read_lock().\n- Use rcu_read_lock() to protect reading sk_user_data.\n- Use refcount_inc_not_zero(&smc->sk.sk_refcnt) to pin the\n  smc_sock. If the refcount has already reached zero (close\n  path completed), it returns false and we bail out safely.\n\nNote: smc_hs_congested() has a similar lockless read of\nsk_user_data without rcu_read_lock(), but it only checks for\nNULL and accesses the global smc_hs_wq, never dereferencing\nany smc_sock field, so it is not affected.\n\nReproducer was verified with mdelay injection and smc_run,\nthe issue no longer occurs with this patch applied.\n\n[1] https://syzkaller.appspot.com/bug?extid=827ae2bfb3a3529333e9"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.174","versionEndExcluding":"5.15.203","matchCriteriaId":"A010E017-5B8B-4998-95E7-D76376A71A62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.167","matchCriteriaId":"25D24035-467E-4E84-987E-DA8067ECEAC4"},{"vulnerable":true,"criteria":"c
pe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e4f873879e075bbd4eb1c644d6933303ac5eba4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1fab5ece76fb42a761178dcd0ebcbf578377b0dd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d5e4538364b9ceb1ac2941a4deb86650afb3538","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cadf3da46c15523fba90d80c9955f536ee3b4023","s
ource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f00fc26c8a06442b225a350fe000c0a11483e6a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f315277856caeafcd996c2611afc085ca2d53275","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd7579f0a2c84ba8a7d4f206201b50dc8ddf90c2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23451","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:31.460","lastModified":"2026-05-21T00:30:22.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: prevent potential infinite loop in bond_header_parse()\n\nbond_header_parse() can loop if a stack of two bonding devices is set up,\nbecause skb->dev always points to the hierarchy top.\n\nAdd new \"const struct net_device *dev\" parameter to\n(struct header_ops)->parse() method to make sure the recursion\nis bounded, and that the final leaf parse method is 
called."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12.78:*:*:*:*:*:*:*","matchCriteriaId":"493FF782-C903-4656-94E0-20B2D0EA024C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18.19:*:*:*:*:*:*:*","matchCriteriaId":"6D24CF0E-E6F3-40B8-97C7-4913453B199F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19.9:*:*:*:*:*:*:*","matchCriteriaId":"AB047D77-F8E9-431C-8103-B177734E5125"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c
/9b49c854f14f5e2d493e562a1e28d2e57fe37371","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23461","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:33.140","lastModified":"2026-05-20T15:30:09.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user\n\nAfter commit ab4eedb790ca (\"Bluetooth: L2CAP: Fix corrupted list in\nhci_chan_del\"), l2cap_conn_del() uses conn->lock to protect access to\nconn->users. However, l2cap_register_user() and l2cap_unregister_user()\ndon't use conn->lock, creating a race condition where these functions can\naccess conn->users and conn->hchan concurrently with l2cap_conn_del().\n\nThis can lead to use-after-free and list corruption bugs, as reported\nby syzbot.\n\nFix this by changing l2cap_register_user() and l2cap_unregister_user()\nto use conn->lock instead of hci_dev_lock(), ensuring consistent locking\nfor the l2cap_conn 
structure."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.84","versionEndExcluding":"6.6.130","matchCriteriaId":"A87F64C1-AF3B-48DC-89AD-A8C7069BFBA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.20","versionEndExcluding":"6.12.78","matchCriteriaId":"EDA52060-BD07-4881-B1B9-27DD1F069333"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.8","versionEndExcluding":"6.14","matchCriteriaId":"366CEEDE-ED7E-4CD5-A00F-927D6C249DFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.1","versionEndExcluding":"6.18.20","matchCriteriaId":"BD54E28E-E5DD-4B1B-9B3C-D90CA91313C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*","matchCriteriaId":"7DE421BA-0600-4401-A175-73CAB6A6FB4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*","matchCriteriaId":"66619FB8-0AAF-4166-B2CF-67B24143261D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux
:linux_kernel:6.14:rc4:*:*:*:*:*:*","matchCriteriaId":"D3D6550E-6679-4560-902D-AF52DCFE905B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*","matchCriteriaId":"45B90F6B-BEC7-4D4E-883A-9DBADE021750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*","matchCriteriaId":"1759FFB7-531C-41B1-9AE1-FD3D80E0D920"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*","matchCriteriaId":"AD948719-8628-4421-A340-1066314BBD4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11a87dd5df428a4b79a84d2790cac7f3c73f1f0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71030f3b3015a412133a805ff47970cdcf30c2b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/752a6c9596dd25efd6978a73ff21f3b592668f4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c22a5e659959eb77c2fbb58a5adfaf3c3dab7abf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da3000cbe4851458a22be38bb18c0689c39fdd5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23462","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:33.313","lastModified":"2026-05-20T15:27:46.557","
vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HIDP: Fix possible UAF\n\nThis fixes the following trace caused by not dropping l2cap_conn\nreference when user->remove callback is called:\n\n[   97.809249] l2cap_conn_free: freeing conn ffff88810a171c00\n[   97.809907] CPU: 1 UID: 0 PID: 1419 Comm: repro_standalon Not tainted 7.0.0-rc1-dirty #14 PREEMPT(lazy)\n[   97.809935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n[   97.809947] Call Trace:\n[   97.809954]  <TASK>\n[   97.809961]  dump_stack_lvl (lib/dump_stack.c:122)\n[   97.809990]  l2cap_conn_free (net/bluetooth/l2cap_core.c:1808)\n[   97.810017]  l2cap_conn_del (./include/linux/kref.h:66 net/bluetooth/l2cap_core.c:1821 net/bluetooth/l2cap_core.c:1798)\n[   97.810055]  l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7347 (discriminator 1) net/bluetooth/l2cap_core.c:7340 (discriminator 1))\n[   97.810086]  ? __pfx_l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7341)\n[   97.810117]  hci_conn_hash_flush (./include/net/bluetooth/hci_core.h:2152 (discriminator 2) net/bluetooth/hci_conn.c:2644 (discriminator 2))\n[   97.810148]  hci_dev_close_sync (net/bluetooth/hci_sync.c:5360)\n[   97.810180]  ? __pfx_hci_dev_close_sync (net/bluetooth/hci_sync.c:5285)\n[   97.810212]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810242]  ? up_write (./arch/x86/include/asm/atomic64_64.h:87 (discriminator 5) ./include/linux/atomic/atomic-arch-fallback.h:2852 (discriminator 5) ./include/linux/atomic/atomic-long.h:268 (discriminator 5) ./include/linux/atomic/atomic-instrumented.h:3391 (discriminator 5) kernel/locking/rwsem.c:1385 (discriminator 5) kernel/locking/rwsem.c:1643 (discriminator 5))\n[   97.810267]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810290]  ? 
rcu_is_watching (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/context_tracking.h:128 kernel/rcu/tree.c:752)\n[   97.810320]  hci_unregister_dev (net/bluetooth/hci_core.c:504 net/bluetooth/hci_core.c:2716)\n[   97.810346]  vhci_release (drivers/bluetooth/hci_vhci.c:691)\n[   97.810375]  ? __pfx_vhci_release (drivers/bluetooth/hci_vhci.c:678)\n[   97.810404]  __fput (fs/file_table.c:470)\n[   97.810430]  task_work_run (kernel/task_work.c:235)\n[   97.810451]  ? __pfx_task_work_run (kernel/task_work.c:201)\n[   97.810472]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810495]  ? do_raw_spin_unlock (./include/asm-generic/qspinlock.h:128 (discriminator 5) kernel/locking/spinlock_debug.c:142 (discriminator 5))\n[   97.810527]  do_exit (kernel/exit.c:972)\n[   97.810547]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810574]  ? __pfx_do_exit (kernel/exit.c:897)\n[   97.810594]  ? lock_acquire (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:5870 (discriminator 6) kernel/locking/lockdep.c:5825 (discriminator 6))\n[   97.810616]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810639]  ? do_raw_spin_lock (kernel/locking/spinlock_debug.c:95 (discriminator 4) kernel/locking/spinlock_debug.c:118 (discriminator 4))\n[   97.810664]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810688]  ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))\n[   97.810721]  do_group_exit (kernel/exit.c:1093)\n[   97.810745]  get_signal (kernel/signal.c:3007 (discriminator 1))\n[   97.810772]  ? security_file_permission (./arch/x86/include/asm/jump_label.h:37 security/security.c:2366)\n[   97.810803]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810826]  ? vfs_read (fs/read_write.c:555)\n[   97.810854]  ? __pfx_get_signal (kernel/signal.c:2800)\n[   97.810880]  ? 
srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810905]  ? __pfx_vfs_read (fs/read_write.c:555)\n[   97.810932]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810960]  arch_do_signal_or_restart (arch/\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.253","matchCriteriaId":"405792BF-85EC-437A-8C66-75001E62869B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStar
tIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18b1263ece6431bd78fa6b61faaef5281203741c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21a47a119f33df9bb157326846390d7e8e1b45ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45ebe5b900200ac3e01f3470506a44a447825721","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4d37fa7582aa960ba23e10a7a2596a29f37ad281","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c805b7d1e580eececcc92470292e3dbc42bc3f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d955ccbf91ab74d76fe9e4eab2846a7d8a173075","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8b6ed2f06d3baa44f347a0fa2af52433f386463",
"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23463","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:33.520","lastModified":"2026-05-20T15:25:35.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: fix race condition in qman_destroy_fq\n\nWhen QMAN_FQ_FLAG_DYNAMIC_FQID is set, there's a race condition between\nfq_table[fq->idx] state and freeing/allocating from the pool and\nWARN_ON(fq_table[fq->idx]) in qman_create_fq() gets triggered.\n\nIndeed, we can have:\n         Thread A                             Thread B\n    qman_destroy_fq()                    qman_create_fq()\n      qman_release_fqid()\n        qman_shutdown_fq()\n        gen_pool_free()\n           -- At this point, the fqid is available again --\n                                           qman_alloc_fqid()\n           -- so, we can get the just-freed fqid in thread B --\n                                           fq->fqid = fqid;\n                                           fq->idx = fqid * 2;\n                                           WARN_ON(fq_table[fq->idx]);\n                                           fq_table[fq->idx] = fq;\n     fq_table[fq->idx] = NULL;\n\nAnd adding some logs between qman_release_fqid() and\nfq_table[fq->idx] = NULL makes the WARN_ON() trigger a lot more.\n\nTo prevent that, ensure that fq_table[fq->idx] is set to NULL before\ngen_pool_free() is called by using 
smp_wmb()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.253","matchCriteriaId":"E1222648-5D33-4FD3-BE03-3A3C9BDEAD8A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-
38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/014077044e874e270ec480515edbc1cadb976cf2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/265e56714635c5dd1e5964bfd97fa6e73f62cde5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/66442cf9989bd4489fa80d9f37637d58ab016835","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/751f60bd48edaf03f9d84ab09e5ce6705757d50f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85dbbf7dc88b0a54f2e334daedf6f3f31fd004fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e3d47904b8153c8c3ad2f9b66d5008aad677aa8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d21923a8059fa896bfef016f55dd769299335cb4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d288fbe652ef43b7128e4bc0c0c2ef6bd03a2210","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23464","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:33.697","lastModified":"2026-05-20T15:18:39.457","vulnStatus":"Analyzed","cveTags":[],"des
criptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()\n\nIn mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,\nthe function returns immediately without freeing the allocated memory\nfor sys_controller, leading to a memory leak.\n\nFix this by jumping to the out_free label to ensure the memory is\nproperly freed.\n\nAlso, consolidate the error handling for the mbox_request_channel()\nfailure case to use the same label."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.78","matchCriteriaId":"70EDBB86-A33A-44D8-BF14-B806E56D3529"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:
*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23465","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:33.850","lastModified":"2026-05-20T15:17:02.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: log new dentries when logging parent dir of a conflicting inode\n\nIf we log the parent directory of a conflicting inode, we are not logging\nthe new dentries of the directory, so when we finish we have the parent\ndirectory's inode marked as logged but we did not log its new dentries.\nAs a consequence if the parent directory is explicitly fsynced later and\nit does not have any new changes since we logged it, the fsync is a no-op\nand after a power failure the new dentries are missing.\n\nExample scenario:\n\n  $ mkdir foo\n\n  $ sync\n\n  $rmdir foo\n\n  $ mkdir dir1\n  $ mkdir dir2\n\n  # A file with the same name and parent as the directory we just deleted\n  # and was persisted in a past transaction. 
So the deleted directory's\n  # inode is a conflicting inode of this new file's inode.\n  $ touch foo\n\n  $ ln foo dir2/link\n\n  # The fsync on dir2 will log the parent directory (\".\") because the\n  # conflicting inode (deleted directory) does not exists anymore, but it\n  # it does not log its new dentries (dir1).\n  $ xfs_io -c \"fsync\" dir2\n\n  # This fsync on the parent directory is no-op, since the previous fsync\n  # logged it (but without logging its new dentries).\n  $ xfs_io -c \"fsync\" .\n\n  <power failure>\n\n  # After log replay dir1 is missing.\n\nFix this by ensuring we log new dir dentries whenever we log the parent\ndirectory of a no longer existing conflicting inode.\n\nA test case for fstests will follow soon."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.6.130","matchCriteriaId":"EE5B4B77-1DB1-4825-837A-1DACD8618635"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"c
riteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1cf30c73602c69d750c9345c47f2c0e9d0cfb578","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/56e72c8b02d982be775d9df025357c152383ee84","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f5a51969b1deb79aefd2194b48fe7e78e72ff7e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9573a365ff9ff45da9222d3fe63695ce562beb24","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f556b1e09d054e31f464c0fd37280c2b5a393fee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23466","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:34.017","lastModified":"2026-05-20T15:15:36.770","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Open-code GGTT MMIO access protection\n\nGGTT MMIO access is currently protected by hotplug (drm_dev_enter),\nwhich works correctly when the driver loads successfully and is 
later\nunbound or unloaded. However, if driver load fails, this protection is\ninsufficient because drm_dev_unplug() is never called.\n\nAdditionally, devm release functions cannot guarantee that all BOs with\nGGTT mappings are destroyed before the GGTT MMIO region is removed, as\nsome BOs may be freed asynchronously by worker threads.\n\nTo address this, introduce an open-coded flag, protected by the GGTT\nlock, that guards GGTT MMIO access. The flag is cleared during the\ndev_fini_ggtt devm release function to ensure MMIO access is disabled\nonce teardown begins.\n\n(cherry picked from commit 4f3a998a173b4325c2efd90bdadc6ccd3ad9a431)"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.78","matchCriteriaId":"CF16B1DB-0D79-4F76-8B3C-57C79AB99F70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId"
:"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01f2557aa684e514005541e71a3d01f4cd45c170","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e9e2640d870d4837bcfdc220cb2c99ae5ee119f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76326dc06d8793c2c81c31cc0115dbc348de2f88","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2b424aadecb640f9e037b2891191cf8fd4c64cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23475","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:35.440","lastModified":"2026-05-20T15:14:29.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix statistics allocation\n\nThe controller per-cpu statistics is not allocated until after the\ncontroller has been registered with driver core, which leaves a window\nwhere accessing the sysfs attributes can trigger a NULL-pointer\ndereference.\n\nFix this by moving the statistics allocation to controller allocation\nwhile tying its lifetime to that of the controller (rather than using\nimplicit 
devres)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.167","matchCriteriaId":"E1965CA7-37DE-412B-919C-4794C1259363"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriter
iaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31389","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:36.823","lastModified":"2026-05-20T15:12:39.943","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix use-after-free on controller registration failure\n\nMake sure to deregister from driver core also in the unlikely event that\nper-cpu statistics allocation fails during controller registration to\navoid use-after-free (of driver resources) and unclocked 
register\naccesses."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.167","matchCriteriaId":"E1965CA7-37DE-412B-919C-4794C1259363"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kerne
l:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e23f50086da7d0b183dfeac26021acfcdee086b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/23b51bad2eb8787aa74324cfccefb258515ae5ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6bbd385b30c7fb6c7ee0669e9ada91490938c051","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80f3e8cd2b4ad355b2ad2024cf423f6d183404f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8634e05b08ead636e926022f4a98416e13440df9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/afe27c1f43aa57530011f419be6ddf71306565d2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31394","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:37.597","lastModified":"2026-05-20T15:08:26.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations\n\nieee80211_chan_bw_change() iterates all stations and accesses\nlink->reserved.oper via sta->sdata->link[link_id]. For stations on\nAP_VLAN interfaces (e.g. 
4addr WDS clients), sta->sdata points to\nthe VLAN sdata, whose link never participates in chanctx reservations.\nThis leaves link->reserved.oper zero-initialized with chan == NULL,\ncausing a NULL pointer dereference in __ieee80211_sta_cap_rx_bw()\nwhen accessing chandef->chan->band during CSA.\n\nResolve the VLAN sdata to its parent AP sdata using get_bss_sdata()\nbefore accessing link data.\n\n[also change sta->sdata in ARRAY_SIZE even if it doesn't matter]"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.78","matchCriteriaId":"77CDBE06-9D74-42B8-997B-232CD9BBDC24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":
"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c6629e859a2211a1fbb4868f915413f80001ca5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a86d4e920d9783a198e39cf53f0e410fba5fbd6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/65c25b588994dd422fea73fa322de56e1ae4a33b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/672e5229e1ecfc2a3509b53adcb914d8b024a853","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31395","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:37.743","lastModified":"2026-05-20T15:07:07.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler\n\nThe ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler in\nbnxt_async_event_process() uses a firmware-supplied 'type' field\ndirectly as an index into bp->bs_trace[] without bounds validation.\n\nThe 'type' field is a 16-bit value extracted from DMA-mapped completion\nring memory that the NIC writes directly to host RAM. 
A malicious or\ncompromised NIC can supply any value from 0 to 65535, causing an\nout-of-bounds access into kernel heap memory.\n\nThe bnxt_bs_trace_check_wrap() call then dereferences bs_trace->magic_byte\nand writes to bs_trace->last_offset and bs_trace->wrapped, leading to\nkernel memory corruption or a crash.\n\nFix by adding a bounds check and defining BNXT_TRACE_MAX as\nDBG_LOG_BUFFER_FLUSH_REQ_TYPE_ERR_QPC_TRACE + 1 to cover all currently\ndefined firmware trace types (0x0 through 0xc)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kern
el:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/19aa416eed9e4aaf1bbe8da0f7bd9a9be31158c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/64dcbde7f8f870a4f2d9daf24ffb06f9748b5dd3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7c7a275447c6d4bf4a36a134682e2e4e20efd4b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31396","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:37.887","lastModified":"2026-05-20T13:08:34.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: fix use-after-free access to PTP clock\n\nPTP clock is registered on every opening of the interface and destroyed on\nevery closing.  
However it may be accessed via get_ts_info ethtool call\nwhich is possible while the interface is just present in the kernel.\n\nBUG: KASAN: use-after-free in ptp_clock_index+0x47/0x50 drivers/ptp/ptp_clock.c:426\nRead of size 4 at addr ffff8880194345cc by task syz.0.6/948\n\nCPU: 1 PID: 948 Comm: syz.0.6 Not tainted 6.1.164+ #109\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x8d/0xba lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:316 [inline]\n print_report+0x17f/0x496 mm/kasan/report.c:420\n kasan_report+0xd9/0x180 mm/kasan/report.c:524\n ptp_clock_index+0x47/0x50 drivers/ptp/ptp_clock.c:426\n gem_get_ts_info+0x138/0x1e0 drivers/net/ethernet/cadence/macb_main.c:3349\n macb_get_ts_info+0x68/0xb0 drivers/net/ethernet/cadence/macb_main.c:3371\n __ethtool_get_ts_info+0x17c/0x260 net/ethtool/common.c:558\n ethtool_get_ts_info net/ethtool/ioctl.c:2367 [inline]\n __dev_ethtool net/ethtool/ioctl.c:3017 [inline]\n dev_ethtool+0x2b05/0x6290 net/ethtool/ioctl.c:3095\n dev_ioctl+0x637/0x1070 net/core/dev_ioctl.c:510\n sock_do_ioctl+0x20d/0x2c0 net/socket.c:1215\n sock_ioctl+0x577/0x6d0 net/socket.c:1320\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18c/0x210 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:46 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:76\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n </TASK>\n\nAllocated by task 457:\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:699 [inline]\n ptp_clock_register+0x144/0x10e0 drivers/ptp/ptp_clock.c:235\n gem_ptp_init+0x46f/0x930 drivers/net/ethernet/cadence/macb_ptp.c:375\n macb_open+0x901/0xd10 drivers/net/ethernet/cadence/macb_main.c:2920\n __dev_open+0x2ce/0x500 net/core/dev.c:1501\n __dev_change_flags+0x56a/0x740 
net/core/dev.c:8651\n dev_change_flags+0x92/0x170 net/core/dev.c:8722\n do_setlink+0xaf8/0x3a80 net/core/rtnetlink.c:2833\n __rtnl_newlink+0xbf4/0x1940 net/core/rtnetlink.c:3608\n rtnl_newlink+0x63/0xa0 net/core/rtnetlink.c:3655\n rtnetlink_rcv_msg+0x3c6/0xed0 net/core/rtnetlink.c:6150\n netlink_rcv_skb+0x15d/0x430 net/netlink/af_netlink.c:2511\n netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]\n netlink_unicast+0x6d7/0xa30 net/netlink/af_netlink.c:1344\n netlink_sendmsg+0x97e/0xeb0 net/netlink/af_netlink.c:1872\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x14b/0x180 net/socket.c:730\n __sys_sendto+0x320/0x3b0 net/socket.c:2152\n __do_sys_sendto net/socket.c:2164 [inline]\n __se_sys_sendto net/socket.c:2160 [inline]\n __x64_sys_sendto+0xdc/0x1b0 net/socket.c:2160\n do_syscall_x64 arch/x86/entry/common.c:46 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:76\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFreed by task 938:\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1729 [inline]\n slab_free_freelist_hook mm/slub.c:1755 [inline]\n slab_free mm/slub.c:3687 [inline]\n __kmem_cache_free+0xbc/0x320 mm/slub.c:3700\n device_release+0xa0/0x240 drivers/base/core.c:2507\n kobject_cleanup lib/kobject.c:681 [inline]\n kobject_release lib/kobject.c:712 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x1cd/0x350 lib/kobject.c:729\n put_device+0x1b/0x30 drivers/base/core.c:3805\n ptp_clock_unregister+0x171/0x270 drivers/ptp/ptp_clock.c:391\n gem_ptp_remove+0x4e/0x1f0 drivers/net/ethernet/cadence/macb_ptp.c:404\n macb_close+0x1c8/0x270 drivers/net/ethernet/cadence/macb_main.c:2966\n __dev_close_many+0x1b9/0x310 net/core/dev.c:1585\n __dev_close net/core/dev.c:1597 [inline]\n __dev_change_flags+0x2bb/0x740 net/core/dev.c:8649\n 
dev_change_fl\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.253","matchCriteriaId":"0F72276A-F3E2-4130-8677-3AA5521A3C83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExclu
ding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bb848d8c64938024e45780f8032f1f67d3a3607","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f4714065b2bcbb0a4013fd355b84b848e6cc345","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/341d01087f821aa0f165fb1ffc8bfe4e50776da7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5653af416a48f6c18f9626ae9df96f814f45ff34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6b757f345eeea87ed5d8afd6de35b927a1a57a2f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8820ffe0975fd2efbe50453e9179c8e1c33a13d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8da13e6d63c1a97f7302d342c89c4a56a55c7015","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb652535e9ec795ef5c1078f7578eaaed755268b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31397","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:38.093","lastModified":"2026-05-20T13:06:35.74
3","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()\n\nmove_pages_huge_pmd() handles UFFDIO_MOVE for both normal THPs and huge\nzero pages.  For the huge zero page path, src_folio is explicitly set to\nNULL, and is used as a sentinel to skip folio operations like lock and\nrmap.\n\nIn the huge zero page branch, src_folio is NULL, so folio_mk_pmd(NULL,\npgprot) passes NULL through folio_pfn() and page_to_pfn().  With\nSPARSEMEM_VMEMMAP this silently produces a bogus PFN, installing a PMD\npointing to non-existent physical memory.  On other memory models it is a\nNULL dereference.\n\nUse page_folio(src_page) to obtain the valid huge zero folio from the\npage, which was obtained from pmd_page() and remains valid throughout.\n\nAfter commit d82d09e48219 (\"mm/huge_memory: mark PMD mappings of the huge\nzero folio special\"), moved huge zero PMDs must remain special so\nvm_normal_page_pmd() continues to treat them as special mappings.\n\nmove_pages_huge_pmd() currently reconstructs the destination PMD in the\nhuge zero page branch, which drops PMD state such as pmd_special() on\narchitectures with CONFIG_ARCH_HAS_PTE_SPECIAL.  
As a result,\nvm_normal_page_pmd() can treat the moved huge zero PMD as a normal page\nand corrupt its refcount.\n\nInstead of reconstructing the PMD from the folio, derive the destination\nentry from src_pmdval after pmdp_huge_clear_flush(), then handle the PMD\nmetadata the same way move_huge_pmd() does for moved entries by marking it\nsoft-dirty and clearing uffd-wp."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.20","matchCriteriaId":"1C570CE1-BC61-4BE6-9393-FD0CA8637367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":
[{"url":"https://git.kernel.org/stable/c/e3133d0986dc5a231d5419167dbac65312b28b41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f3caaee0f9e489fd2282d4ce45791dc8aed2da62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fae654083bfa409bb2244f390232e2be47f05bfc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31398","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:38.240","lastModified":"2026-05-20T13:03:52.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/rmap: fix incorrect pte restoration for lazyfree folios\n\nWe batch unmap anonymous lazyfree folios by folio_unmap_pte_batch.  If the\nbatch has a mix of writable and non-writable bits, we may end up setting\nthe entire batch writable.  Fix this by respecting writable bit during\nbatching.\n\nAlthough on a successful unmap of a lazyfree folio, the soft-dirty bit is\nlost, preserve it on pte restoration by respecting the bit during\nbatching, to make the fix consistent w.r.t both writable bit and\nsoft-dirty bit.\n\nI was able to write the below reproducer and crash the kernel. \nExplanation of reproducer (set 64K mTHP to always):\n\nFault in a 64K large folio.  Split the VMA at mid-point with\nMADV_DONTFORK.  fork() - parent points to the folio with 8 writable ptes\nand 8 non-writable ptes.  Merge the VMAs with MADV_DOFORK so that\nfolio_unmap_pte_batch() can determine all the 16 ptes as a batch.  Do\nMADV_FREE on the range to mark the folio as lazyfree.  Write to the memory\nto dirty the pte, eventually rmap will dirty the folio.  
Then trigger\nreclaim, we will hit the pte restoration path, and the kernel will crash\nwith the trace given below.\n\nThe BUG happens at:\n\n\tBUG_ON(atomic_inc_return(&ptc->anon_map_count) > 1 && rw);\n\nThe code path is asking for anonymous page to be mapped writable into the\npagetable.  The BUG_ON() firing implies that such a writable page has been\nmapped into the pagetables of more than one process, which breaks\nanonymous memory/CoW semantics.\n\n[   21.134473] kernel BUG at mm/page_table_check.c:118!\n[   21.134497] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n[   21.135917] Modules linked in:\n[   21.136085] CPU: 1 UID: 0 PID: 1735 Comm: dup-lazyfree Not tainted 7.0.0-rc1-00116-g018018a17770 #1028 PREEMPT\n[   21.136858] Hardware name: linux,dummy-virt (DT)\n[   21.137019] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   21.137308] pc : page_table_check_set+0x28c/0x2a8\n[   21.137607] lr : page_table_check_set+0x134/0x2a8\n[   21.137885] sp : ffff80008a3b3340\n[   21.138124] x29: ffff80008a3b3340 x28: fffffdffc3d14400 x27: ffffd1a55e03d000\n[   21.138623] x26: 0040000000000040 x25: ffffd1a55f7dd000 x24: 0000000000000001\n[   21.139045] x23: 0000000000000001 x22: 0000000000000001 x21: ffffd1a55f217f30\n[   21.139629] x20: 0000000000134521 x19: 0000000000134519 x18: 005c43e000040000\n[   21.140027] x17: 0001400000000000 x16: 0001700000000000 x15: 000000000000ffff\n[   21.140578] x14: 000000000000000c x13: 005c006000000000 x12: 0000000000000020\n[   21.140828] x11: 0000000000000000 x10: 005c000000000000 x9 : ffffd1a55c079ee0\n[   21.141077] x8 : 0000000000000001 x7 : 005c03e000040000 x6 : 000000004000ffff\n[   21.141490] x5 : ffff00017fffce00 x4 : 0000000000000001 x3 : 0000000000000002\n[   21.141741] x2 : 0000000000134510 x1 : 0000000000000000 x0 : ffff0000c08228c0\n[   21.141991] Call trace:\n[   21.142093]  page_table_check_set+0x28c/0x2a8 (P)\n[   21.142265]  __page_table_check_ptes_set+0x144/0x1e8\n[   21.142441]  
__set_ptes_anysz.constprop.0+0x160/0x1a8\n[   21.142766]  contpte_set_ptes+0xe8/0x140\n[   21.142907]  try_to_unmap_one+0x10c4/0x10d0\n[   21.143177]  rmap_walk_anon+0x100/0x250\n[   21.143315]  try_to_unmap+0xa0/0xc8\n[   21.143441]  shrink_folio_list+0x59c/0x18a8\n[   21.143759]  shrink_lruvec+0x664/0xbf0\n[   21.144043]  shrink_node+0x218/0x878\n[   21.144285]  __node_reclaim.constprop.0+0x98/0x338\n[   21.144763]  user_proactive_reclaim+0x2a4/0x340\n[   21.145056]  reclaim_store+0x3c/0x60\n[   21.145216]  dev_attr_store+0x20/0x40\n[   21.145585]  sysfs_kf_write+0x84/0xa8\n[   21.145835]  kernfs_fop_write_iter+0x130/0x1c8\n[   21.145994]  vfs_write+0x2b8/0x368\n[   21.146119]  ksys_write+0x70/0x110\n[   21.146240]  __arm64_sys_write+0x24/0x38\n[   21.146380]  invoke_syscall+0x50/0x120\n[   21.146513]  el0_svc_common.constprop.0+0x48/0xf8\n[   21.146679]  do_el0_svc+0x28/0x40\n[   21.146798]  el0_svc+0x34/0x110\n[   21.146926]  el0t\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.20","matchCriteriaId":"EED1C3F0-0463-4DCE-8328-8E640BA510FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9
E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/29f40594a28114b9a9bc87f6cf7bbee9609628f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/99888a4f340ca8e839a0524556bd4db76d63f4e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0911ccdba41b0871abbf8412857bafedec3dbe1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31399","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:38.410","lastModified":"2026-05-20T12:54:51.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm/bus: Fix potential use after free in asynchronous initialization\n\nDingisoul with KASAN reports a use after free if device_add() fails in\nnd_async_device_register().\n\nCommit b6eae0f61db2 (\"libnvdimm: Hold reference on parent while\nscheduling async init\") correctly added a reference on the parent device\nto be held until asynchronous initialization was complete.  However, if\ndevice_add() results in an allocation failure the ref count of the\ndevice drops to 0 prior to the parent pointer being accessed.  Thus\nresulting in use after free.\n\nThe bug bot AI correctly identified the fix.  
Save a reference to the\nparent pointer to be used to drop the parent reference regardless of the\noutcome of device_add()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.164","versionEndExcluding":"4.5","matchCriteriaId":"3F465C16-7558-45C0-8A57-E91446282ED2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.137","versionEndExcluding":"4.10","matchCriteriaId":"37605FCB-BF78-48D6-8838-00E69121C271"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.81","versionEndExcluding":"4.15","matchCriteriaId":"0E3D2C10-16F9-4F31-94C6-EBE99C89FF70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.19","versionEndExcluding":"4.19","matchCriteriaId":"9D418973-A1B7-4F79-B990-AFFA8B41983C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.2","versionEndExcluding":"5.10.253","matchCriteriaId":"38D904CC-7C9A-4A9A-9A82-96FD6C821BB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_k
ernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2c638259ad750833fd46a0cf57672a618542d84c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fc36c2a925ceaba203eb13d75a8f0879a2c121b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84af19855d1abdee3c9d57c0684e2868e391793c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a0fb16
ba5b372465a3a1ecd761c6fa911a4ab4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a226e5b49e5fe8c98b14f8507de670189d191348","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a36cf138500e56f50db9f9a33222df6969b38326","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8aec14230322ed8f1e8042b6d656c1631d41163","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31400","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:38.623","lastModified":"2026-05-20T12:31:31.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix cache_request leak in cache_release\n\nWhen a reader's file descriptor is closed while in the middle of reading\na cache_request (rp->offset != 0), cache_release() decrements the\nrequest's readers count but never checks whether it should free the\nrequest.\n\nIn cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the\ncache_request is removed from the queue and freed along with its buffer\nand cache_head reference. cache_release() lacks this cleanup.\n\nThe only other path that frees requests with readers == 0 is\ncache_dequeue(), but it runs only when CACHE_PENDING transitions from\nset to clear. 
If that transition already happened while readers was\nstill non-zero, cache_dequeue() will have skipped the request, and no\nsubsequent call will clean it up.\n\nAdd the same cleanup logic from cache_read() to cache_release(): after\ndecrementing readers, check if it reached 0 with CACHE_PENDING clear,\nand if so, dequeue and free the cache_request."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"
criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17ad31b3a43b72aec3a3d83605891e1397d0d065","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1dfedb293943e491379c9302b428e6f920a73d12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30167
0dcd098c1fe5c2fe90fb3c7a8f4814d2351","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/373457de14281c1fc7cace6fc4c8a267fc176673","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41f6ba6c98a618043d2cd71030bf9a752dfab8b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7bcd5e318876ac638c8ceade7a648e76ac8c48e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be5c35960e5ead70862736161836e2d1bc7352dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f18c1f2a88ca91357916997cdb0f7adaf14fc497","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31401","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:39.140","lastModified":"2026-05-20T12:19:54.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: bpf: prevent buffer overflow in hid_hw_request\n\nright now the returned value is considered to be always valid. 
However,\nwhen playing with HID-BPF, the return value can be arbitrary big,\nbecause it's the return value of dispatch_hid_bpf_raw_requests(), which\ncalls the struct_ops and we have no guarantees that the value makes\nsense."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.78","matchCriteriaId":"77CDBE06-9D74-42B8-997B-232CD9BBDC24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259F
DA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b658c1c442ec1cd9eec5ead98d68662c40fe645","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/73c5b5aea1c443239c8cb4191b4af7a4bd6fd7b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6efaa50af62fb0790dd1fd4e7e5506b46312510","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb57dae20fdf6f3069cdc07821fa3bb46de381d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31402","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:39.283","lastModified":"2026-05-20T12:17:28.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. 
This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.167","matchCriteriaId":"56D62904-7C85-4BED-9EC0-3982B880F72D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartInclud
ing":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.ker
nel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae8498337dfdfda71bdd0b807c9a23a126011d76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9452c0797c95cf2378170df96cf4f4b3bca7eff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f9fcb4441f6c02bb20c2eb340101e27dfe23607c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31406","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-06T08:16:38.457","lastModified":"2026-05-20T16:23:25.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()\n\nAfter cancel_delayed_work_sync() is called from\nxfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining\nstates via __xfrm_state_delete(), which calls\nxfrm_nat_keepalive_state_updated() to re-schedule nat_keepalive_work.\n\nThe following is a simple race scenario:\n\n           cpu0                             cpu1\n\ncleanup_net() [Round 1]\n  ops_undo_list()\n    xfrm_net_exit()\n      xfrm_nat_keepalive_net_fini()\n        cancel_delayed_work_sync(nat_keepalive_work);\n      xfrm_state_fini()\n        xfrm_state_flush()\n          xfrm_state_delete(x)\n            
__xfrm_state_delete(x)\n              xfrm_nat_keepalive_state_updated(x)\n                schedule_delayed_work(nat_keepalive_work);\n  rcu_barrier();\n  net_complete_free();\n  net_passive_dec(net);\n    llist_add(&net->defer_free_list, &defer_free_list);\n\ncleanup_net() [Round 2]\n  rcu_barrier();\n  net_complete_free()\n    kmem_cache_free(net_cachep, net);\n                                     nat_keepalive_work()\n                                       // on freed net\n\nTo prevent this, cancel_delayed_work_sync() is replaced with\ndisable_delayed_work_sync()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.80","matchCriteriaId":"3C886EDB-88C5-47BE-9133-37C769192535"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria"
:"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21f2fc49ca6faa393c31da33b8a4e6c41fc84c13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2255ed6adbc3100d2c4a83abd9d0396d04b87792","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/32d0f44c2f14d60fe8e920e69a28c11051543ec1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/daf8e3b253aa760ff9e96c7768a464bc1d6b3c90","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31407","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-06T08:16:38.623","lastModified":"2026-05-20T16:22:08.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: add missing netlink policy validations\n\nHyunwoo Kim reports out-of-bounds access in sctp and ctnetlink.\n\nThese attributes are used by the kernel without any validation.\nExtend the netlink policies accordingly.\n\nQuoting the reporter:\n  nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE\n  value directly to ct->proto.sctp.state without checking that it is\n  within the valid range. [..]\n\n  and: ... 
with exp->dir = 100, the access at\n  ct->master->tuplehash[100] reads 5600 bytes past the start of a\n  320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by\n  UBSAN."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.6.136","matchCriteriaId":"B3457033-D01A-43C8-836D-8E21A577B7A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","mat
chCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0fbae1e74493d5a160a70c51aeba035d8266ea7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67c53c1978cef3c504237275e39c857e2f6af56e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9174d28f3f15d8c4962f5980c0be167633880443","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5e918390002edf0cff80a0e7ce1f86f16a9507c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31408","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-06T08:16:38.757","lastModified":"2026-05-20T16:18:27.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold\n\nsco_recv_frame() reads conn->sk under sco_conn_lock() but immediately\nreleases the lock without holding a reference to the socket. 
A concurrent\nclose() can free the socket between the lock release and the subsequent\nsk->sk_state access, resulting in a use-after-free.\n\nOther functions in the same file (sco_sock_timeout(), sco_conn_del())\ncorrectly use sco_sock_hold() to safely hold a reference under the lock.\n\nFix by using sco_sock_hold() to take a reference before releasing the\nlock, and adding sock_put() on all exit paths."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.15.203","matchCriteriaId":"A0A14F27-2B54-495E-9E83-FD1A2D3AC85C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding"
:"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/108b81514d8f2535eb16651495cefb2250528db3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45aaca995e4a7a05b272a58e7ab2fff4f611b8f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:/
/git.kernel.org/stable/c/598dbba9919c5e36c54fe1709b557d64120cb94b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7197462e90b8ce15caa1ae15d4bc2bb8cd21b11e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0a7da0e3f7442545f071499beb36374714bb9de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d57384e27d1ebf0047e3f00a6e1181b8be9857a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e76e8f0581ef555eacc11dbb095e602fb30a5361","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31409","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-06T08:16:38.943","lastModified":"2026-05-20T16:15:51.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset conn->binding on failed binding request\n\nWhen a multichannel SMB2_SESSION_SETUP request with\nSMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true\nbut never clears it on the error path. This leaves the connection in\na binding state where all subsequent ksmbd_session_lookup_all() calls\nfall back to the global sessions table. 
This fix it by clearing\nconn->binding = false in the error path."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.167","matchCriteriaId":"54D2788B-5D8B-4E8C-A8AD-0650F3F1B069"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"
vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6260fc85ed1298a71d24a75d01f8b2e56d489a60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899ebb9ae394206fe921","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d273ff0b21cb7f4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31410","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-06T08:16:39.117","lastModified":"2026-05-20T16:11:09.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION\n\nUse sb->s_uuid for a proper volume identifier as the primary choice.\nFor filesystems that do not provide a UUID, fall back to stfs.f_fsid\nobtained from 
vfs_statfs()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.12.78","matchCriteriaId":"E700F195-6718-4EBD-AE96-25DF6A4EB20D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3a64125730cabc34fccfbc230c2667c2e14f7308","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.or
g/stable/c/3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c283a6ffe6d5d6e5594d991286b9ce15951572e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce00616bc1df675bfdacc968f2bf7c51f4669227","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31411","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-08T14:16:27.977","lastModified":"2026-05-20T16:03:38.647","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix crash due to unvalidated vcc pointer in sigd_send()\n\nReproducer available at [1].\n\nThe ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc\npointer from msg->vcc and uses it directly without any validation. This\npointer comes from userspace via sendmsg() and can be arbitrarily forged:\n\n    int fd = socket(AF_ATMSVC, SOCK_DGRAM, 0);\n    ioctl(fd, ATMSIGD_CTRL);  // become ATM signaling daemon\n    struct msghdr msg = { .msg_iov = &iov, ... };\n    *(unsigned long *)(buf + 4) = 0xdeadbeef;  // fake vcc pointer\n    sendmsg(fd, &msg, 0);  // kernel dereferences 0xdeadbeef\n\nIn normal operation, the kernel sends the vcc pointer to the signaling\ndaemon via sigd_enq() when processing operations like connect(), bind(),\nor listen(). The daemon is expected to return the same pointer when\nresponding. However, a malicious daemon can send arbitrary pointer values.\n\nFix this by introducing find_get_vcc() which validates the pointer by\nsearching through vcc_hash (similar to how sigd_close() iterates over\nall VCCs), and acquires a reference via sock_hold() if found.\n\nSince struct atm_vcc embeds struct sock as its first member, they share\nthe same lifetime. 
Therefore using sock_hold/sock_put is sufficient to\nkeep the vcc alive while it is being used.\n\nNote that there may be a race with sigd_close() which could mark the vcc\nwith various flags (e.g., ATM_VF_RELEASED) after find_get_vcc() returns.\nHowever, sock_hold() guarantees the memory remains valid, so this race\nonly affects the logical state, not memory safety.\n\n[1]: https://gist.github.com/mrpre/1ba5949c45529c511152e2f4c755b0f3"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.252","matchCriteriaId":"68B6D2AD-7565-4394-B77B-A1EEBCDF590F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":
"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D613
8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c8bda3df028d5e54134077dcd09f46ca8cfceb5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21c303fec138c002f90ed33bce60e807d53072bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e1a8b00095246a9a2b46b57f6d471c6d3c00ed2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/440c9a5fc477a8ee259d8bf669531250b8398651","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69d3f9ee5489e6e8b66defcfa226e91d82393297","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae88a5d2f29b69819dc7b04086734439d074a643","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c96549d07dfdd51aadf0722cfb40711574424840","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3f80666c2739296c3b69a127300455c43aa1067","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31412","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-10T11:16:22.967","lastModified":"2026-05-20T15:54:46.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()\n\nThe `check_command_size_in_blocks()` function calculates the data size\nin bytes by left shifting `common->data_size_from_cmnd` by the block\nsize (`common->curlun->blkbits`). 
However, it does not validate whether\nthis shift operation will cause an integer overflow.\n\nInitially, the block size is set up in `fsg_lun_open()` , and the\n`common->data_size_from_cmnd` is set up in `do_scsi_command()`. During\ninitialization, there is no integer overflow check for the interaction\nbetween two variables.\n\nSo if a malicious USB host sends a SCSI READ or WRITE command\nrequesting a large amount of data (`common->data_size_from_cmnd`), the\nleft shift operation can wrap around. This results in a truncated data\nsize, which can bypass boundary checks and potentially lead to memory\ncorruption or out-of-bounds accesses.\n\nFix this by using the check_shl_overflow() macro to safely perform the\nshift and catch any overflows."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"6.1.167","matchCriteriaId":"BDC4AAED-D1FA-456B-BA2C-EB168B6B2315"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"cr
iteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/228b37936376143f4b60cc6828663f6eaceb81b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3428dc5520c811e66622b2f5fa43341bf9a1f8b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/387ebb0453b99d71491419a5dc4ab4bee0cacbac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8479891d1f04a8ce55366fe4ca361ccdb96f02e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91817ad5452defe69bc7bc0e355f0ed5d01125cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce0caaed5940162780c5c223b8ae54968a5f059b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-6068","sourceIdentifier":"cret@cert.org","published":"2026-04-10T14:16:38.723","lastModified":"2026-05-20T14:17:02.973","vulnStatus":"Modi
fied","cveTags":[],"descriptions":[{"lang":"en","value":"NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nasm:netwide_assembler:3.02:rc5:*:*:*:*:*:*","matchCriteriaId":"EA22EDB2-D094-433E-887D-A211FEC02A90"}]}]}],"references":[{"url":"https://github.com/netwide-assembler/nasm/issues/222","source":"cret@cert.org","tags":["Exploit","Issue Tracking"]},{"url":"https://sekai.team/blog/nasm-cve-disclosure/cve-2026-6068","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-31413","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-12T06:16:20.050","lastModified":"2026-05-20T15:49:24.983","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR\n\nmaybe_fork_scalars() is called for both BPF_AND and BPF_OR when the\nsource operand is a constant.  
When dst has signed range [-1, 0], it\nforks the verifier state: the pushed path gets dst = 0, the current\npath gets dst = -1.\n\nFor BPF_AND this is correct: 0 & K == 0.\nFor BPF_OR this is wrong:    0 | K == K, not 0.\n\nThe pushed path therefore tracks dst as 0 when the runtime value is K,\nproducing an exploitable verifier/runtime divergence that allows\nout-of-bounds map access.\n\nFix this by passing env->insn_idx (instead of env->insn_idx + 1) to\npush_stack(), so the pushed path re-executes the ALU instruction with\ndst = 0 and naturally computes the correct result for any opcode."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.75","versionEndExcluding":"6.12.80","matchCriteriaId":"E823EB64-1F92-40BB-891C-D94D00EDA086"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.16","versionEndExcluding":"6.18.21","matchCriteriaId":"6C57E63A-04BA-47E0-A942-789F7236A636"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.6","versionEndExcluding":"6.19.11","matchCriteriaId":"1BFE33C3-C605-4CC2-9F15-3494BA78E2C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/342aa1ee995ef5bbf876096dc3a5e51218d76fa4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06
d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/58bd87d0e69204dbd739e4387a1edb0c4b1644e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c845894ebd6fb43226b3118d6b017942550910c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d13281ae7ea8902b21d99d10a2c8caf0bdec0455","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31414","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:10.537","lastModified":"2026-05-20T15:43:42.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: use expect->helper\n\nUse expect->helper in ctnetlink and /proc to dump the helper name.\nUsing nfct_help() without holding a reference to the master conntrack\nis unsafe.\n\nUse exp->master->helper in ctnetlink path if userspace does not provide\nan explicit helper when creating an expectation to retain the existing\nbehaviour. 
The ctnetlink expectation path holds the reference on the\nmaster conntrack and nf_conntrack_expect lock and the nfnetlink glue\npath refers to the master ct that is attached to the skb."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"6.1.168","matchCriteriaId":"FA3F529A-7902-49EA-972B-CF381C3A0208"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable"
:true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3dfd3f7712b5a800f2ba632179e9b738076a51f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bd1b3d839172724b33d8d02c5a4ff6a1c775417","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b53294bff19e56ada2f230ceb8b1ffde61cc3817","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7ccaa0a62a8ff2be5d521299ce79390c318d306","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f01794106042ee27e54af6fdf5b319a2fe3df94d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31415","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:10.707","lastModified":"2026-05-20T15:41:05.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid overflows in ip6_datagram_send_ctl()\n\nYiming Qian reported :\n<quote>\n I 
believe I found a locally triggerable kernel bug in the IPv6 sendmsg\n ancillary-data path that can panic the kernel via `skb_under_panic()`\n (local DoS).\n\n The core issue is a mismatch between:\n\n - a 16-bit length accumulator (`struct ipv6_txoptions::opt_flen`, type\n `__u16`) and\n - a pointer to the *last* provided destination-options header (`opt->dst1opt`)\n\n when multiple `IPV6_DSTOPTS` control messages (cmsgs) are provided.\n\n - `include/net/ipv6.h`:\n   - `struct ipv6_txoptions::opt_flen` is `__u16` (wrap possible).\n (lines 291-307, especially 298)\n - `net/ipv6/datagram.c:ip6_datagram_send_ctl()`:\n   - Accepts repeated `IPV6_DSTOPTS` and accumulates into `opt_flen`\n without rejecting duplicates. (lines 909-933)\n - `net/ipv6/ip6_output.c:__ip6_append_data()`:\n   - Uses `opt->opt_flen + opt->opt_nflen` to compute header\n sizes/headroom decisions. (lines 1448-1466, especially 1463-1465)\n - `net/ipv6/ip6_output.c:__ip6_make_skb()`:\n   - Calls `ipv6_push_frag_opts()` if `opt->opt_flen` is non-zero.\n (lines 1930-1934)\n - `net/ipv6/exthdrs.c:ipv6_push_frag_opts()` / `ipv6_push_exthdr()`:\n   - Push size comes from `ipv6_optlen(opt->dst1opt)` (based on the\n pointed-to header). (lines 1179-1185 and 1206-1211)\n\n 1. `opt_flen` is a 16-bit accumulator:\n\n - `include/net/ipv6.h:298` defines `__u16 opt_flen; /* after fragment hdr */`.\n\n 2. `ip6_datagram_send_ctl()` accepts *repeated* `IPV6_DSTOPTS` cmsgs\n and increments `opt_flen` each time:\n\n - In `net/ipv6/datagram.c:909-933`, for `IPV6_DSTOPTS`:\n   - It computes `len = ((hdr->hdrlen + 1) << 3);`\n   - It checks `CAP_NET_RAW` using `ns_capable(net->user_ns,\n CAP_NET_RAW)`. 
(line 922)\n   - Then it does:\n     - `opt->opt_flen += len;` (line 927)\n     - `opt->dst1opt = hdr;` (line 928)\n\n There is no duplicate rejection here (unlike the legacy\n `IPV6_2292DSTOPTS` path which rejects duplicates at\n `net/ipv6/datagram.c:901-904`).\n\n If enough large `IPV6_DSTOPTS` cmsgs are provided, `opt_flen` wraps\n while `dst1opt` still points to a large (2048-byte)\n destination-options header.\n\n In the attached PoC (`poc.c`):\n\n - 32 cmsgs with `hdrlen=255` => `len = (255+1)*8 = 2048`\n - 1 cmsg with `hdrlen=0` => `len = 8`\n - Total increment: `32*2048 + 8 = 65544`, so `(__u16)opt_flen == 8`\n - The last cmsg is 2048 bytes, so `dst1opt` points to a 2048-byte header.\n\n 3. The transmit path sizes headers using the wrapped `opt_flen`:\n\n- In `net/ipv6/ip6_output.c:1463-1465`:\n  - `headersize = sizeof(struct ipv6hdr) + (opt ? opt->opt_flen +\n opt->opt_nflen : 0) + ...;`\n\n With wrapped `opt_flen`, `headersize`/headroom decisions underestimate\n what will be pushed later.\n\n 4. 
When building the final skb, the actual push length comes from\n `dst1opt` and is not limited by wrapped `opt_flen`:\n\n - In `net/ipv6/ip6_output.c:1930-1934`:\n   - `if (opt->opt_flen) proto = ipv6_push_frag_opts(skb, opt, proto);`\n - In `net/ipv6/exthdrs.c:1206-1211`, `ipv6_push_frag_opts()` pushes\n `dst1opt` via `ipv6_push_exthdr()`.\n - In `net/ipv6/exthdrs.c:1179-1184`, `ipv6_push_exthdr()` does:\n   - `skb_push(skb, ipv6_optlen(opt));`\n   - `memcpy(h, opt, ipv6_optlen(opt));`\n\n With insufficient headroom, `skb_push()` underflows and triggers\n `skb_under_panic()` -> `BUG()`:\n\n - `net/core/skbuff.c:2669-2675` (`skb_push()` calls `skb_under_panic()`)\n - `net/core/skbuff.c:207-214` (`skb_panic()` ends in `BUG()`)\n\n - The `IPV6_DSTOPTS` cmsg path requires `CAP_NET_RAW` in the target\n netns user namespace (`ns_capable(net->user_ns, CAP_NET_RAW)`).\n - Root (or any task with `CAP_NET_RAW`) can trigger this without user\n namespaces.\n - An unprivileged `uid=1000` user can trigger this if unprivileged\n user namespaces are enabled and it can create a userns+netns to obtain\n namespaced `CAP_NET_RAW` (the attached PoC does this).\n\n - Local denial of service: kernel BUG/panic (system crash).\n 
-\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.10.253","matchCriteriaId":"DE13CD56-EF71-4FB6-8909-29C447FC8FE7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":
"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bdaf54d3aaddfe8df29371260fa8d4939b4fd6f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2dbfb003bbf3fc0e94f07efefab0ebcf83029a2a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4082f9984a694829153115d28c956a3534f52f29","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e453375561fc60820e6b9d8ebeb6b3ee177d42e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5e4ee5dbea134e9257f205e31a96040bed71e83f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/63fda74885555e6bd1623b5d811feec998740ba4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/872b74900d5daa37067ac676d9001bb929fc6a2a
","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ed81d692758dfb9471d7799b24bfa7a08224c31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31416","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:10.907","lastModified":"2026-05-20T15:36:14.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: account for netlink header size\n\nThis is a followup to an old bug fix: NLMSG_DONE needs to account\nfor the netlink header size, not just the attribute size.\n\nThis can result in a WARN splat + drop of the netlink message,\nbut other than this there are no ill effects."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.61","versionEndExcluding":"3.11","matchCriteriaId":"8ABB7CF9-8D4E-413E-8EDC-DA5A95E13F5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.34","versionEndExcluding":"3.13","matchCriteriaId":"18FF6293-6F8F-498F-8308-90E63A1F50C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.25","versionEndExcluding":
"3.15","matchCriteriaId":"4CFF2573-7851-4AF4-957E-F311413FD9BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.10.253","matchCriteriaId":"2D6F1017-3BB6-4EFD-AFC1-8429E91D98BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E
90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09883bf257f4243ed5a1fd35078ec6f0d0f3696a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ec216410fac9de83c99177a160ebb8d42fad075","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/607245c4dbb86d9a10dd8388da0fb82170a99b61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6b419700e459fbf707ca1543b7c1b57a60fedb73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d52a4a0520a6696bdde51caa11f2d6821cd0c01","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/761b45c661af48da6a065868d59ab1e1f64fd9b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/88a8f56e6276f616baad4274c6b8e4683e26e520","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f08ffa3e1c8e36b6131f69c5eb23700c28cbd262","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31417","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.097","lastModified":"2026-05-20T19:34:29.973","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix overflow when accumulating packets\n\nAdd a 
check to ensure that `x25_sock.fraglen` does not overflow.\n\nThe `fraglen` also needs to be reset when purging `fragment_queue` in\n`x25_clear_queues()`."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F
02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*","matchCriteriaId":"8CFD5CDD-1709-44C7-82BD-BAFDC46990D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1734bd85c5e0a7a801295b729efb56b009cb8fc3","source
":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e2d1bcef78d21247fe8fef13bc7ed95885df2b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e568835ea54a3e1d08e310e34f95d434e739477","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/798d613afb64b01a203f448fb0f43c37c6afe79d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c92969c197b91c134be27dc3afb64ab468853a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/96fc16370b0bceb289c7e0479bd0540b81e257aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a1822cb524e89b4cd2cf0b82e484a2335496a6d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f953f11ccf4afe6feb635c08145f4240d9a6b544","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31418","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.267","lastModified":"2026-05-20T19:32:14.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: drop logically empty buckets in mtype_del\n\nmtype_del() counts empty slots below n->pos in k, but it only drops the\nbucket when both n->pos and k are zero. 
This misses buckets whose live\nentries have all been removed while n->pos still points past deleted slots.\n\nTreat a bucket as empty when all positions below n->pos are unused and\nrelease it directly instead of shrinking it further."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.24","versionEndExcluding":"5.5","matchCriteriaId":"BB4BEAA2-F466-4E3C-8EA8-F01B409EE01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.8","versionEndExcluding":"5.6","matchCriteriaId":"E3C9E794-4183-4A8B-8E8E-FBBD9B334429"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.1","versionEndExcluding":"5.10.253","matchCriteriaId":"4F8ED570-37E2-4ED4-AF42-BCE310D198D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.13
4","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:*","matchCriteriaId":"A92F7A0E-C302-4FEA-9EF3-1A3D5CF3AD54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*","matchCriteriaId":"DC0C894E-6323-44E5-89DD-8FB6A5C41CAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*","matchCriteriaId":"4C76EAC9-C2E6-4B6F-B002-ADBE74DDD794"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.6:rc6:*:*:*:*:*:*","matchCriteriaId":"F13B8FBF-E007-4F60-A290-2833B45F8520"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.6:rc7:*:*:*:*:*:*","matchCriteriaId":"CD0276C4-2C60-4C52-AC89-F96DF991B858"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId
":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/58f3a14826d4e6b0d5421f1a64be280b48601ea2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6cea34d7ec6829b62f521a37a287f670144a2233","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9862ef9ab0a116c6dca98842aab7de13a252ae02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7eef00f08b92b0b9efe8ae0df6d0005e6199323","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c098ff857e7ca923539164af5b3c2fe3e8f8afaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ceacaa76f221a6577aba945bb8873c2e640aeba4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31419","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.447","lastModified":"2026-05-20T19:32:49.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free in bond_xmit_broadcast()\n\nbond_xmit_broadcast() reuses the original skb for the last slave\n(determined by bond_is_last_slave()) and clones it for others.\nConcurrent slave enslave/release can mutate the slave list during\nRCU-protected iteration, changing which 
slave is \"last\" mid-loop.\nThis causes the original skb to be double-consumed (double-freed).\n\nReplace the racy bond_is_last_slave() check with a simple index\ncomparison (i + 1 == slaves_count) against the pre-snapshot slave\ncount taken via READ_ONCE() before the loop.  This preserves the\nzero-copy optimization for the last slave while making the \"last\"\ndetermination stable against concurrent list mutations.\n\nThe UAF can trigger the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in skb_clone\nRead of size 8 at addr ffff888100ef8d40 by task exploit/147\n\nCPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:123)\n print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n kasan_report (mm/kasan/report.c:597)\n skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108)\n bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334)\n bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593)\n dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887)\n __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838)\n ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136)\n ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219)\n ip6_output (net/ipv6/ip6_output.c:250)\n ip6_send_skb (net/ipv6/ip6_output.c:1985)\n udp_v6_send_skb (net/ipv6/udp.c:1442)\n udpv6_sendmsg (net/ipv6/udp.c:1733)\n __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206)\n __x64_sys_sendto (net/socket.c:2209)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n </TASK>\n\nAllocated by task 147:\n\nFreed by 
task 147:\n\nThe buggy address belongs to the object at ffff888100ef8c80\n which belongs to the cache skbuff_head_cache of size 224\nThe buggy address is located 192 bytes inside of\n freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60)\n\nMemory state around the buggy address:\n ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n                                                    ^\n ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n=================================================================="}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.94","versionEndExcluding":"5.11","matchCriteriaId":"D97173A0-CD12-4773-B2F5-A9037AAB0383"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.16","matchCriteriaId":"FE141E86-782B-4D36-B214-2FB7AC66A083"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3","versionEndExcluding":"5.17","matchCriteriaId":"7532EA4E-6958-4B4C-8270-4601DA8D95B6"},{"
vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.86","matchCriteriaId":"E9F33D27-F3AA-49EF-8A71-D0AA86C50602"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2884bf72fb8f03409e423397319205de48adca16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3453882f36c40d2339267093676585a89808a73d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d4cc7e4c80b1634c7b1497574a2fdb18df6c026c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5b94654a4a19891a8108d66ef166de6c028c6cd","source":"416baaa9-dc9f-4396-
8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31420","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.617","lastModified":"2026-05-20T18:11:34.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mrp: reject zero test interval to avoid OOM panic\n\nbr_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied\ninterval value from netlink without validation. When interval is 0,\nusecs_to_jiffies(0) yields 0, causing the delayed work\n(br_mrp_test_work_expired / br_mrp_in_test_work_expired) to reschedule\nitself with zero delay. This creates a tight loop on system_percpu_wq\nthat allocates and transmits MRP test frames at maximum rate, exhausting\nall system memory and causing a kernel panic via OOM deadlock.\n\nThe same zero-interval issue applies to br_mrp_start_in_test_parse()\nfor interconnect test frames.\n\nUse NLA_POLICY_MIN(NLA_U32, 1) in the nla_policy tables for both\nIFLA_BRIDGE_MRP_START_TEST_INTERVAL and\nIFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL, so zero is rejected at the\nnetlink attribute parsing layer before the value ever reaches the\nworkqueue scheduling code. 
This is consistent with how other bridge\nsubsystems (br_fdb, br_mst) enforce range constraints on netlink\nattributes."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.19.12","matchCriteriaId":"B469E475-132D-4946-9735-CFEFE1A51CA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c9bc352f716d1bebfe43354bce539ec2d0223b30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa6e24963
342de4370e3a3c9af41e38277b74cf3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31421","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.740","lastModified":"2026-05-20T18:10:34.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL pointer dereference on shared blocks\n\nThe old-method path in fw_classify() calls tcf_block_q() and\ndereferences q->handle.  Shared blocks leave block->q NULL, causing a\nNULL deref when an empty cls_fw filter is attached to a shared block\nand a packet with a nonzero major skb mark is classified.\n\nReject the configuration in fw_change() when the old method (no\nTCA_OPTIONS) is used on a shared block, since fw_classify()'s\nold-method path needs block->q which is NULL for shared blocks.\n\nThe fixed null-ptr-deref calling stack:\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:fw_classify (net/sched/cls_fw.c:81)\n Call Trace:\n  tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)\n  tc_run (net/core/dev.c:4401)\n  __dev_queue_xmit (net/core/dev.c:4535 
net/core/dev.c:4790)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.253","matchCriteriaId":"202FFB00-4CA7-44CB-ACA1-E88A2BF2264B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":
"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3cb055df9e8625ce699a259d8178d67b37f2b160","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d41f9a314afa94b1c7c7c75405920123220e8cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5cf41031922c154aa5ccda8bcdb0f5e6226582ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/96426c348def662b06bfdc65be3002905604927a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6d5bd62a09650856e1e2010eb09853eba0d64e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/faeea8bbf6e958bf3c00cb08263109661975987c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/febf64ca79a2d6540ab6e5e197fa0f4
f7e84473e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31422","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.907","lastModified":"2026-05-20T18:08:43.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_flow: fix NULL pointer dereference on shared blocks\n\nflow_change() calls tcf_block_q() and dereferences q->handle to derive\na default baseclass.  Shared blocks leave block->q NULL, causing a NULL\nderef when a flow filter without a fully qualified baseclass is created\non a shared block.\n\nCheck tcf_block_shared() before accessing block->q and return -EINVAL\nfor shared blocks.  This avoids the null-deref shown below:\n\n=======================================================================\nKASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\nRIP: 0010:flow_change (net/sched/cls_flow.c:508)\nCall Trace:\n tc_new_tfilter (net/sched/cls_api.c:2432)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)\n 
[...]\n======================================================================="}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.253","matchCriteriaId":"202FFB00-4CA7-44CB-ACA1-E88A2BF2264B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding"
:"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a280dd4bd1d616a01d6ffe0de284c907b555504","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/415ea0c973c754b9f375225807810eb9045f4293","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a09f72007201c9f667dc47f64517ec23eea65e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57f94ac7e953eece5ed4819605a18f3cdfc63dcc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/942813276edeb1741fa5b0a73471beb4e495fa08","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a208c3e1232997e9317887294c20008dfcb75449","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https
://git.kernel.org/stable/c/cc707a4fd4c3b6ab2722e06bc359aa010e13d408","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31423","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:12.070","lastModified":"2026-05-20T18:06:31.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_hfsc: fix divide-by-zero in rtsc_min()\n\nm2sm() converts a u32 slope to a u64 scaled value.  For large inputs\n(e.g. m1=4000000000), the result can reach 2^32.  rtsc_min() stores\nthe difference of two such u64 values in a u32 variable `dsm` and\nuses it as a divisor.  When the difference is exactly 2^32 the\ntruncation yields zero, causing a divide-by-zero oops in the\nconcave-curve intersection path:\n\n  Oops: divide error: 0000\n  RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)\n  Call Trace:\n   init_ed (net/sched/sch_hfsc.c:629)\n   hfsc_enqueue (net/sched/sch_hfsc.c:1569)\n   [...]\n\nWiden `dsm` to u64 and replace do_div() with div64_u64() so the full\ndifference is 
preserved."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9
540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322","source":"416baaa9-dc9f-439
6-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad8e8fec40290a8c8cf145c0deaadf76f80c5163","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31424","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:12.240","lastModified":"2026-05-20T18:01:27.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP\n\nWeiming Shi says:\n\nxt_match and xt_target structs registered with NFPROTO_UNSPEC can be\nloaded by any protocol family through nft_compat. When such a\nmatch/target sets .hooks to restrict which hooks it may run on, the\nbitmask uses NF_INET_* constants. This is only correct for families\nwhose hook layout matches NF_INET_*: IPv4, IPv6, INET, and bridge\nall share the same five hooks (PRE_ROUTING ... POST_ROUTING).\n\nARP only has three hooks (IN=0, OUT=1, FORWARD=2) with different\nsemantics. Because NF_ARP_OUT == 1 == NF_INET_LOCAL_IN, the .hooks\nvalidation silently passes for the wrong reasons, allowing matches to\nrun on ARP chains where the hook assumptions (e.g. state->in being\nset on input hooks) do not hold. 
This leads to NULL pointer\ndereferences; xt_devgroup is one concrete example:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000044: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000220-0x0000000000000227]\n RIP: 0010:devgroup_mt+0xff/0x350\n Call Trace:\n  <TASK>\n  nft_match_eval (net/netfilter/nft_compat.c:407)\n  nft_do_chain (net/netfilter/nf_tables_core.c:285)\n  nft_do_chain_arp (net/netfilter/nft_chain_filter.c:61)\n  nf_hook_slow (net/netfilter/core.c:623)\n  arp_xmit (net/ipv4/arp.c:666)\n  </TASK>\n Kernel panic - not syncing: Fatal exception in interrupt\n\nFix it by restricting arptables to NFPROTO_ARP extensions only.\nNote that arptables-legacy only supports:\n\n- arpt_CLASSIFY\n- arpt_mangle\n- arpt_MARK\n\nthat provide explicit NFPROTO_ARP match/target declarations."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"5.10.253","matchCriteriaId":"7F082A45-BA68-4936-9749-2D8CC8B26C30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","v
ersionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1cd6313c8644bfebbd813a05da9daa21b09dd68c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d5d488f11776738deab9da336038add95d342d1","source":"416baaa9-dc9f-4396-8d5f-8c081
fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e79374b03bf9a2f282f0eb1d0ac3776f7e0f28a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80e3c75f71c3ea1e62fcb032382de13e00a68f8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d9a0af9e43416aa50c0595e15fa01365a1c72c49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc3e27dd7d76e21106b8f9bbdc31f5da74a89014","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7e1b6bcb389c8708003d40613a59ff2496f6b1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f00ac65c90ea475719e08d629e2e26c8b4e6999b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31425","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:12.420","lastModified":"2026-05-20T17:56:52.097","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrds: ib: reject FRMR registration before IB connection is established\n\nrds_ib_get_mr() extracts the rds_ib_connection from conn->c_transport_data\nand passes it to rds_ib_reg_frmr() for FRWR memory registration. On a\nfresh outgoing connection, ic is allocated in rds_ib_conn_alloc() with\ni_cm_id = NULL because the connection worker has not yet called\nrds_ib_conn_path_connect() to create the rdma_cm_id. 
When sendmsg() with\nRDS_CMSG_RDMA_MAP is called on such a connection, the sendmsg path parses\nthe control message before any connection establishment, allowing\nrds_ib_post_reg_frmr() to dereference ic->i_cm_id->qp and crash the\nkernel.\n\nThe existing guard in rds_ib_reg_frmr() only checks for !ic (added in\ncommit 9e630bcb7701), which does not catch this case since ic is allocated\nearly and is always non-NULL once the connection object exists.\n\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:rds_ib_post_reg_frmr+0x50e/0x920\n Call Trace:\n  rds_ib_post_reg_frmr (net/rds/ib_frmr.c:167)\n  rds_ib_map_frmr (net/rds/ib_frmr.c:252)\n  rds_ib_reg_frmr (net/rds/ib_frmr.c:430)\n  rds_ib_get_mr (net/rds/ib_rdma.c:615)\n  __rds_rdma_map (net/rds/rdma.c:295)\n  rds_cmsg_rdma_map (net/rds/rdma.c:860)\n  rds_sendmsg (net/rds/send.c:1363)\n  ____sys_sendmsg\n  do_syscall_64\n\nAdd a check in rds_ib_get_mr() that verifies ic, i_cm_id, and qp are all\nnon-NULL before proceeding with FRMR registration, mirroring the guard\nalready present in rds_ib_post_inv(). 
Return -ENODEV when the connection\nis not ready, which the existing error handling in rds_cmsg_send() converts\nto -EAGAIN for userspace retry and triggers rds_conn_connect_if_down() to\nstart the connection worker."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.10.253","matchCriteriaId":"02FB4629-3CFA-4F2B-8699-141F5385D64A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9
DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/23e07c340c445f0ebff7757ba15434cb447eb662","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/450ec93c0f172374acbf236f1f5f02d53650aa2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47de5b73db3b88f45c107393f26aeba26e9e8fae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6b0a8de67ac0c74e1a7df92b73c862cb36780dfc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82e4a3b56b23b844802056c9e75a39d24169b0a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a54ecccfae62c5c85259ae5ea5d9c20009519049","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kern
el.org/stable/c/a5bfd14c9a299e6db4add4440430ee5e010b03ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c506456ebf84c50ed9327473d4e9bd905def212b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31426","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:12.600","lastModified":"2026-05-20T17:55:22.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: EC: clean up handlers on probe failure in acpi_ec_setup()\n\nWhen ec_install_handlers() returns -EPROBE_DEFER on reduced-hardware\nplatforms, it has already started the EC and installed the address\nspace handler with the struct acpi_ec pointer as handler context.\nHowever, acpi_ec_setup() propagates the error without any cleanup.\n\nThe caller acpi_ec_add() then frees the struct acpi_ec for non-boot\ninstances, leaving a dangling handler context in ACPICA.\n\nAny subsequent AML evaluation that accesses an EC OpRegion field\ndispatches into acpi_ec_space_handler() with the freed pointer,\ncausing a use-after-free:\n\n BUG: KASAN: slab-use-after-free in mutex_lock (kernel/locking/mutex.c:289)\n Write of size 8 at addr ffff88800721de38 by task init/1\n Call Trace:\n  <TASK>\n  mutex_lock (kernel/locking/mutex.c:289)\n  acpi_ec_space_handler (drivers/acpi/ec.c:1362)\n  acpi_ev_address_space_dispatch (drivers/acpi/acpica/evregion.c:293)\n  acpi_ex_access_region (drivers/acpi/acpica/exfldio.c:246)\n  acpi_ex_field_datum_io (drivers/acpi/acpica/exfldio.c:509)\n  acpi_ex_extract_from_field (drivers/acpi/acpica/exfldio.c:700)\n  acpi_ex_read_data_from_field (drivers/acpi/acpica/exfield.c:327)\n  acpi_ex_resolve_node_to_value (drivers/acpi/acpica/exresolv.c:392)\n  </TASK>\n\n Allocated by task 1:\n  acpi_ec_alloc (drivers/acpi/ec.c:1424)\n  acpi_ec_add (drivers/acpi/ec.c:1692)\n\n Freed by 
task 1:\n  kfree (mm/slub.c:6876)\n  acpi_ec_add (drivers/acpi/ec.c:1751)\n\nThe bug triggers on reduced-hardware EC platforms (ec->gpe < 0)\nwhen the GPIO IRQ provider defers probing. Once the stale handler\nexists, any unprivileged sysfs read that causes AML to touch an\nEC OpRegion (battery, thermal, backlight) exercises the dangling\npointer.\n\nFix this by calling ec_remove_handlers() in the error path of\nacpi_ec_setup() before clearing first_ec. ec_remove_handlers()\nchecks each EC_FLAGS_* bit before acting, so it is safe to call\nregardless of how far ec_install_handlers() progressed:\n\n  -ENODEV  (handler not installed): only calls acpi_ec_stop()\n  -EPROBE_DEFER (handler installed): removes handler, stops EC"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.1.168","matchCriteriaId":"0910DB26-69F0-4F59-B2B3-DC2B0824D0F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"cr
iteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*","matchCriteriaId":"3D23CE42-BDB2-4216-8495-230ABE98FCDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/022d1727f33ff90b3e1775125264e3023901952e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/808c0f156f48d5b8ca34088cbbfba8444e606cbc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c886e63b69658959633937e3acb7ca8addf7499","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be1a827e15991e874e0d5222d0ea5fdad01960fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d04c
007047c88158141d9bd5eac761cdadd3782c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f6484cadbcaf26b5844b51bd7307a663dda48ef6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31427","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:12.783","lastModified":"2026-05-20T19:27:17.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp\n\nprocess_sdp() declares union nf_inet_addr rtp_addr on the stack and\npasses it to the nf_nat_sip sdp_session hook after walking the SDP\nmedia descriptions. However rtp_addr is only initialized inside the\nmedia loop when a recognized media type with a non-zero port is found.\n\nIf the SDP body contains no m= lines, only inactive media sections\n(m=audio 0 ...) or only unrecognized media types, rtp_addr is never\nassigned. Despite that, the function still calls hooks->sdp_session()\nwith &rtp_addr, causing nf_nat_sdp_session() to format the stale stack\nvalue as an IP address and rewrite the SDP session owner and connection\nlines with it.\n\nWith CONFIG_INIT_STACK_ALL_ZERO (default on most distributions) this\nresults in the session-level o= and c= addresses being rewritten to\n0.0.0.0 for inactive SDP sessions. Without stack auto-init the\nrewritten address is whatever happened to be on the stack.\n\nFix this by pre-initializing rtp_addr from the session-level connection\naddress (caddr) when available, and tracking via a have_rtp_addr flag\nwhether any valid address was established. 
Skip the sdp_session hook\nentirely when no valid address exists."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.10.253","matchCriteriaId":"12FCCED5-075B-4D9E-9684-F4F99BF08DE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","ve
rsionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01f34a80ac23ae90b1909b94b4ed05343a62f646","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52fdda318ef2362fc5936385bcb8b3d0328ee629","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6a2b724460cb67caed500c508c2ae5cf012e4db4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e5e3c87b7e6212f1d8414fc2e4d158b01e12025","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7edca70751b9bdb5b83eed53cde21eccf3c86147","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82baeb871e8f04906bc886273fdf0209e1754eb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/faa6ea32797a1847790514ff0da1be1d09771580","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe463e76c9b4b0b43b5ee8961b4c500231f1a3f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id"
:"CVE-2026-31428","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:12.957","lastModified":"2026-05-20T19:24:58.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD\n\n__build_packet_message() manually constructs the NFULA_PAYLOAD netlink\nattribute using skb_put() and skb_copy_bits(), bypassing the standard\nnla_reserve()/nla_put() helpers. While nla_total_size(data_len) bytes\nare allocated (including NLA alignment padding), only data_len bytes\nof actual packet data are copied. The trailing nla_padlen(data_len)\nbytes (1-3 when data_len is not 4-byte aligned) are never initialized,\nleaking stale heap contents to userspace via the NFLOG netlink socket.\n\nReplace the manual attribute construction with nla_reserve(), which\nhandles the tailroom check, header setup, and padding zeroing via\n__nla_reserve(). 
The subsequent skb_copy_bits() fills in the payload\ndata on top of the properly initialized attribute."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24","versionEndExcluding":"5.10.253","matchCriteriaId":"23F88A56-E27D-46A7-B32C-65333C046B72"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*
:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21d8efda029948d3666b0db5afcc0d36c0984aae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7eff72968161fb8ddb26113344de3b92fb7d7ef5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f3e5d72455936f42709116fabeca3bb216cda62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2f6ff3444b663d6cfa63eadd61327a18592885a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8365d1064ded323797c5e28e91070c52f44b76c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9f6c51d36482805ac3ffadb9663fe775a13e926","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc961dd7272b5e4a462999635e44a4770d7f2482","source":"416baaa9-dc9f-4396-8d5f-8c081fb06
d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31429","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-20T10:16:16.737","lastModified":"2026-05-20T19:23:01.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skb: fix cross-cache free of KFENCE-allocated skb head\n\nSKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2\nvalue (e.g. 704 on x86_64) to avoid collisions with generic kmalloc\nbucket sizes. This ensures that skb_kfree_head() can reliably use\nskb_end_offset to distinguish skb heads allocated from\nskb_small_head_cache vs. generic kmalloc caches.\n\nHowever, when KFENCE is enabled, kfence_ksize() returns the exact\nrequested allocation size instead of the slab bucket size. If a caller\n(e.g. bpf_test_init) allocates skb head data via kzalloc() and the\nrequested size happens to equal SKB_SMALL_HEAD_CACHE_SIZE, then\nslab_build_skb() -> ksize() returns that exact value. After subtracting\nskb_shared_info overhead, skb_end_offset ends up matching\nSKB_SMALL_HEAD_HEADROOM, causing skb_kfree_head() to incorrectly free\nthe object to skb_small_head_cache instead of back to the original\nkmalloc cache, resulting in a slab cross-cache free:\n\n  kmem_cache_free(skbuff_small_head): Wrong slab cache. Expected\n  skbuff_small_head but got kmalloc-1k\n\nFix this by always calling kfree(head) in skb_kfree_head(). 
This keeps\nthe free path generic and avoids allocator-specific misclassification\nfor KFENCE objects."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.136","matchCriteriaId":"CEC191DD-B9E5-4BBF-87F3-133C249BE806"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.82","matchCriteriaId":"02904CAE-71D2-45B3-9EC3-F6A9D18B6307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.23","matchCriteriaId":"E9E09FDD-9EE3-4A56-92E2-2B30AFD0072F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.13","matchCriteriaId":"1490EF9B-9080-481C-8D22-1306AAE664E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kern
el:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f42e3f4fe2a58394e37241d02d9ca6ab7b7d516","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/128b03ccb2582a643983a48a37fda58df80edbde","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2d64618ea846d8d033477311f805ca487d6a6696","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/474e00b935db250cac320d10c1d3cf4e44b46721","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/60313768a8edc7094435975587c00c2d7b834083","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-6843","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T09:16:26.963","lastModified":"2026-05-20T14:10:44.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). 
This results in a Denial of Service (DoS) for the `nano` application."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-134"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:nano:8.7:*:*:*:*:*:*:*","matchCriteriaId":"F492FE65-9914-49F9-998F-A33A20E854C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6843","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460017","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-6844","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T09:16:27.140","lastModified":"2026-05-20T14:00:12.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:binutils:-:*:*:*:*:*:*:*","matchCriteriaId":"70CA109B-85B9-4EF2-9A5F-A7D12F6EA878"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:
o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6844","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460016","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-6845","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T09:16:27.373","lastModified":"2026-05-20T13:58:17.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. 
The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:binutils:-:*:*:*:*:*:*:*","matchCriteriaId":"70CA109B-85B9-4EF2-9A5F-A7D12F6EA878"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6845","s
ource":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460012","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6846","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T09:16:27.607","lastModified":"2026-05-20T13:47:30.747","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*","versionEndIncluding":"2.46","matchCriteriaId":"18449381-54BD-4732-A531-D44935A3ADAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_li
nux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6846","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460006","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-6848","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T10:16:52.347","lastModified":"2026-05-20T13:38:24.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. 
The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1987BDA-0113-4603-B9BE-76647EB043F2"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6848","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460119","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6855","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T13:16:22.410","lastModified":"2026-05-20T13:20:33.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in InstructLab. 
A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:instructlab:-:*:*:*:*:*:*:*","matchCriteriaId":"F16DE2EF-B42B-4D18-B9E4-3114EBBD65B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_ai:3.0:*:*:*:*:*:*:*","matchCriteriaId":"531FF57A-65AE-482C-9A43-D1F2ECAD6ED0"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6855","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460013","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31434","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T14:16:36.533","lastModified":"2026-05-20T15:11:33.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix leak of kobject name for sub-group space_info\n\nWhen create_space_info_sub_group() allocates elements of\nspace_info->sub_group[], kobject_init_and_add() is called 
for each\nelement via btrfs_sysfs_add_space_info_type(). However, when\ncheck_removing_space_info() frees these elements, it does not call\nbtrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is\nnot called and the associated kobj->name objects are leaked.\n\nThis memory leak is reproduced by running the blktests test case\nzbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak\nfeature reports the following error:\n\nunreferenced object 0xffff888112877d40 (size 16):\n  comm \"mount\", pid 1244, jiffies 4294996972\n  hex dump (first 16 bytes):\n    64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f  data-reloc......\n  backtrace (crc 53ffde4d):\n    __kmalloc_node_track_caller_noprof+0x619/0x870\n    kstrdup+0x42/0xc0\n    kobject_set_name_vargs+0x44/0x110\n    kobject_init_and_add+0xcf/0x150\n    btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs]\n    create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs]\n    create_space_info+0x211/0x320 [btrfs]\n    btrfs_init_space_info+0x15a/0x1b0 [btrfs]\n    open_ctree+0x33c7/0x4a50 [btrfs]\n    btrfs_get_tree.cold+0x9f/0x1ee [btrfs]\n    vfs_get_tree+0x87/0x2f0\n    vfs_cmd_create+0xbd/0x280\n    __do_sys_fsconfig+0x3df/0x990\n    do_syscall_64+0x136/0x1540\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTo avoid the leak, call btrfs_sysfs_remove_space_info() instead of\nkfree() for the 
elements."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.162","versionEndExcluding":"6.1.168","matchCriteriaId":"1C240D52-1BFC-4F7E-A81D-58DE5E627247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.122","versionEndExcluding":"6.6.131","matchCriteriaId":"71FB4B35-54E8-40A0-98EF-342E1577E167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.67","versionEndExcluding":"6.12.80","matchCriteriaId":"E63FD44B-7F11-44F2-B10F-0F52157A6163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.21","matchCriteriaId":"A6CA36DA-3783-4321-81A6-485364836084"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*"
,"matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-42510","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T06:16:04.100","lastModified":"2026-05-20T17:16:22.640","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console 
interface."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2148331","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-008.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-37530","sourceIdentifier":"cve@mitre.org","published":"2026-05-01T17:16:22.603","lastModified":"2026-05-20T15:25:15.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. 
On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linuxfoundation:automotive_grade_linux:*:*:*:*:*:*:*:*","versionEndIncluding":"17.1.12","matchCriteriaId":"F565A1E5-42E5-4115-830F-2A328C92F35B"}]}]}],"references":[{"url":"https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-37541","sourceIdentifier":"cve@mitre.org","published":"2026-05-01T17:16:24.083","lastModified":"2026-05-20T15:20:03.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. 
In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openvehicles:open_vehicle_monitoring_system_firmware:3.3.005:*:*:*:*:*:*:*","matchCriteriaId":"85BD9467-2887-419D-96B2-6E0418829A9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:openvehicles:open_vehicle_monitoring_system:-:*:*:*:*:*:*:*","matchCriteriaId":"9C5E4E8C-8378-4B51-B19D-862DBB3859BC"}]}]}],"references":[{"url":"https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1393","source":"cve@mitre.org","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-42468","sourceIdentifier":"cve@mitre.org","published":"2026-05-01T17:16:25.150","lastModified":"2026-05-20T15:19:34.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. 
In canformat_pcap.cpp, the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted PCAP input."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openvehicles:open_vehicle_monitoring_system_firmware:3.3.005:*:*:*:*:*:*:*","matchCriteriaId":"85BD9467-2887-419D-96B2-6E0418829A9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:openvehicles:open_vehicle_monitoring_system:-:*:*:*:*:*:*:*","matchCriteriaId":"9C5E4E8C-8378-4B51-B19D-862DBB3859BC"}]}]}],"references":[{"url":"https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1392","source":"cve@mitre.org","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-42469","sourceIdentifier":"cve@mitre.org","published":"2026-05-01T17:16:25.260","lastModified":"2026-05-20T15:18:24.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. 
In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openvehicles:open_vehicle_monitoring_system_firmware:3.3.005:*:*:*:*:*:*:*","matchCriteriaId":"85BD9467-2887-419D-96B2-6E0418829A9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:openvehicles:open_vehicle_monitoring_system:-:*:*:*:*:*:*:*","matchCriteriaId":"9C5E4E8C-8378-4B51-B19D-862DBB3859BC"}]}]}],"references":[{"url":"https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1391","source":"cve@mitre.org","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-43067","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-05T16:16:15.937","lastModified":"2026-05-20T23:16:20.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: handle wraparound when searching for blocks for indirect mapped blocks\n\nCommit 4865c768b563 
(\"ext4: always allocate blocks only from groups\ninode can use\") restricts what blocks will be allocated for indirect\nblock based files to block numbers that fit within 32-bit block\nnumbers.\n\nHowever, when using a review bot running on the latest Gemini LLM to\ncheck this commit when backporting into an LTS based kernel, it raised\nthis concern:\n\n   If ac->ac_g_ex.fe_group is >= ngroups (for instance, if the goal\n   group was populated via stream allocation from s_mb_last_groups),\n   then start will be >= ngroups.\n\n   Does this allow allocating blocks beyond the 32-bit limit for\n   indirect block mapped files? The commit message mentions that\n   ext4_mb_scan_groups_linear() takes care to not select unsupported\n   groups. However, its loop uses group = *start, and the very first\n   iteration will call ext4_mb_scan_group() with this unsupported\n   group because next_linear_group() is only called at the end of the\n   iteration.\n\nAfter reviewing the code paths involved and considering the LLM\nreview, I determined that this can happen when there is a file system\nwhere some files/directories are extent-mapped and others are\nindirect-block mapped.  
To address this, add a safety clamp in\next4_mb_scan_groups()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.203","versionEndExcluding":"5.16","matchCriteriaId":"65BC3363-9FA5-4980-B120-042521BD0F34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.130","versionEndExcluding":"6.6.134","matchCriteriaId":"B71F66A1-26CE-4A17-BBAB-34A1AE897567"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.77","versionEndExcluding":"6.12.80","matchCriteriaId":"C8D55175-C5FF-47BC-BC65-A2B06E3021A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.14","versionEndExcluding":"6.18.21","matchCriteriaId":"DEA57E4E-36B0-40D5-98B9-6A50348C9E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.4","versionEndExcluding":"6.19.11","matchCriteriaId":"A67B0458-DAE3-4940-BBB2-1A4D263AF27B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1.167:*:*:*:*:*:*:*","matchCriteriaId":"B898A4FB-4E74-40F7-B523-B71FFB681B6D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12624c5b724a81e14e532972b40d863b0de3b7d1","source":"416baaa9-dc9
f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a368ccddfc492a0aa951e2caef2985f20e96503","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bec4a498ce86314d470ae6144120461f2138c29","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83170a05908b6cf2fb3235d3065bf613ff866f3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb81702370fad22c06ca12b6e1648754dbc37e0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f89bba144938921a2249237ad04a0183ff3f8930","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43068","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-05T16:16:16.053","lastModified":"2026-05-20T23:09:44.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\n\nThere's issue as follows:\n...\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! 
Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): error count since last fsck: 1\nEXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760\nEXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760\n...\n\nAccording to the log analysis, blocks are always requested from the\ncorrupted block group. This may happen as follows:\next4_mb_find_by_goal\n  ext4_mb_load_buddy\n   ext4_mb_load_buddy_gfp\n     ext4_mb_init_cache\n      ext4_read_block_bitmap_nowait\n      ext4_wait_block_bitmap\n       ext4_validate_block_bitmap\n        if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))\n         return -EFSCORRUPTED; // There's no logs.\n if (err)\n  return err;  // Will return error\next4_lock_group(ac->ac_sb, group);\n  if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) // Unreachable\n   goto out;\n\nAfter commit 9008a58e5dce (\"ext4: make the bitmap read routines return\nreal error codes\") merged, Commit 163a203ddb36 (\"ext4: mark block group\nas corrupt on block bitmap error\") is no real solution for allocating\nblocks from corrupted block groups. This is because if\n'EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info)' is true, then\n'ext4_mb_load_buddy()' may return an error. 
This means that the block\nallocation will fail.\nTherefore, check block group if corrupted when ext4_mb_load_buddy()\nreturns error."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.253","matchCriteriaId":"0ECA9FA3-7D5A-47DF-96CD-50ED0F72C020"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linu
x:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b84571c886719823d537f05f4f07cad6357c4b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1895f7904be71c48f1e6f338b28f24dabd6b8aeb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1c0d7c4cde38a887c6d74e0c89ddb25226943c78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2d31a5073f86a177edf44015e0dedb0c47cfd6d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/46066e3a06647c5b186cc6334409722622d05c44","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9370207b36d26e45a8c8ef0500706d37036edd6b","source":"416baaa9-dc9f-4396-8d5f
-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fea6b2e250ff48f10d166011b57a8516ae5438c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ffc0a282462d45fee5957621be5afa29752f3b6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43074","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:20.343","lastModified":"2026-05-20T23:20:05.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: defer struct eventpoll free to RCU grace period\n\nIn certain situations, ep_free() in eventpoll.c will kfree the epi->ep\neventpoll struct while it still being used by another concurrent thread.\nDefer the kfree() to an RCU callback to prevent UAF."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"6.6.136","matchCriteriaId":"03382702-BC98-477F-87AB-A5B1011E1D0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:
linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:-:*:*:*:*:*:*","matchCriteriaId":"DE0B0BF6-0EEF-4FAD-927D-7A0DD77BEE75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/07712db80857d5d09ae08f3df85a708ecfc3b61f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5b1173b165421561db29f30afc7e97d940a398a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7e8083f5eeedab0f460063b9c2c14c9a4e71a427","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6566cd33f6f967a7651ebf2ce0dd315
72e319cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae0bb9c1fb7c2594519aeeb096cf2c3b7837b322","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43075","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:20.463","lastModified":"2026-05-20T23:19:40.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix out-of-bounds write in ocfs2_write_end_inline\n\nKASAN reports a use-after-free write of 4086 bytes in\nocfs2_write_end_inline, called from ocfs2_write_end_nolock during a\ncopy_file_range splice fallback on a corrupted ocfs2 filesystem mounted on\na loop device.  The actual bug is an out-of-bounds write past the inode\nblock buffer, not a true use-after-free.  The write overflows into an\nadjacent freed page, which KASAN reports as UAF.\n\nThe root cause is that ocfs2_try_to_write_inline_data trusts the on-disk\nid_count field to determine whether a write fits in inline data.  
On a\ncorrupted filesystem, id_count can exceed the physical maximum inline data\ncapacity, causing writes to overflow the inode block buffer.\n\nCall trace (crash path):\n\n   vfs_copy_file_range (fs/read_write.c:1634)\n     do_splice_direct\n       splice_direct_to_actor\n         iter_file_splice_write\n           ocfs2_file_write_iter\n             generic_perform_write\n               ocfs2_write_end\n                 ocfs2_write_end_nolock (fs/ocfs2/aops.c:1949)\n                   ocfs2_write_end_inline (fs/ocfs2/aops.c:1915)\n                     memcpy_from_folio     <-- KASAN: write OOB\n\nSo add id_count upper bound check in ocfs2_validate_inode_block() to\nalongside the existing i_size check to fix it."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24.1","versionEndExcluding":"6.6.136","matchCriteriaId":"3C45350C-5A79-40F0-B6B0-BF9ED7FA81B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"cr
iteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*","matchCriteriaId":"6F3E61F3-1CF1-4176-94CD-89A408BCFC96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c1af902223b6fcedb60904ca0b551254686c7b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69d3c69ade1e4285ab4ca48fe7acee0767e65604","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7bc5da4842bed3252d26e742213741a4d0ac1b14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/947f953978b0d9463498d548d0f054f5a75be2e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2c9dc6b6e96f3585f2a1062ca3374a52db0938f","source":"416baaa9
-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43076","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:20.590","lastModified":"2026-05-20T23:19:25.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate inline data i_size during inode read\n\nWhen reading an inode from disk, ocfs2_validate_inode_block() performs\nvarious sanity checks but does not validate the size of inline data.  If\nthe filesystem is corrupted, an inode's i_size can exceed the actual\ninline data capacity (id_count).\n\nThis causes ocfs2_dir_foreach_blk_id() to iterate beyond the inline data\nbuffer, triggering a use-after-free when accessing directory entries from\nfreed memory.\n\nIn the syzbot report:\n  - i_size was 1099511627576 bytes (~1TB)\n  - Actual inline data capacity (id_count) is typically <256 bytes\n  - A garbage rec_len (54648) caused ctx->pos to jump out of bounds\n  - This triggered a UAF in ocfs2_check_dir_entry()\n\nFix by adding a validation check in ocfs2_validate_inode_block() to ensure\ninodes with inline data have i_size <= id_count.  
This catches the\ncorruption early during inode read and prevents all downstream code from\noperating on invalid data."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24.1","versionEndExcluding":"6.6.136","matchCriteriaId":"3C45350C-5A79-40F0-B6B0-BF9ED7FA81B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*","matchCriteriaId":"6F3E61F3-1CF1-4176-94CD-89A408BCFC96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vuln
erable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1524af3685b35feac76662cc551cbc37bd14775f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37f074e65f24f10f8d8df224a572e4cb9e6faf63","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77d0295725109d77f5854ef5b58c0d06c08168cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1de19e891be3bfb3e1d0c7cf07bbb8fb3b77c1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd2d765aa7157f852999842af32148128c735d39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43077","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:20.707","lastModified":"2026-05-20T23:19:13.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Fix minimum RX size check for decryption\n\nThe check for the minimum receive buffer size did not take the\ntag size into account during decryption.  
Fix this by adding the\nrequired extra length."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.1","versionEndExcluding":"5.10.254","matchCriteriaId":"E49F4532-8422-46F7-B2E8-96E820919D16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.204","matchCriteriaId":"FA800016-0012-4E3F-A528-2A7F378A0A4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.170","matchCriteriaId":"E6653854-B188-42DD-B8C5-0143F1956AB1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.136","matchCriteriaId":"0A0F1E9A-F127-4699-A014-9E08441C9A14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcl
uding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*","matchCriteriaId":"7875AA30-1F6F-470C-A52D-ECBD6663CEC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c76b5675119f694458293a2a81f40731c69bd32","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3afdc15d6173614d7d834517d9b65e7aa5a08548","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d14bd48e3a77091cbce637a12c2ae31b4a1687c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/74a66fdb5282d89e348b00c42cfca3a936946d94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78cea133daf721698876e56135049a96d39d610a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af2fa2fbbced261
29813274b8b3f7705f280e174","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e86ab1e5661386a874fbb8551f0c04b8e9f8ad22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd427dd84f224309afbcc2cb67c7bb770a01265c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43078","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:20.853","lastModified":"2026-05-20T23:18:55.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n\nWhen page reassignment was added to af_alg_pull_tsgl the original\nloop wasn't updated so it may try to reassign one more page than\nnecessary.\n\nAdd the check to the reassignment so that this does not happen.\n\nAlso update the comment which still refers to the obsolete 
offset\nargument."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.1","versionEndExcluding":"5.10.254","matchCriteriaId":"E49F4532-8422-46F7-B2E8-96E820919D16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.204","matchCriteriaId":"FA800016-0012-4E3F-A528-2A7F378A0A4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.170","matchCriteriaId":"E6653854-B188-42DD-B8C5-0143F1956AB1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.137","matchCriteriaId":"3CA3EF52-168A-4348-8F5F-356C9EB69261"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.85","matchCriteriaId":"F17D292D-A9B5-4DC7-8002-51AB95335606"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19
.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*","matchCriteriaId":"7875AA30-1F6F-470C-A52D-ECBD6663CEC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b781d1d4f933990318bcc5c68fb75a717379e42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31d00156e50ecad37f2cb6cbf04aaa9a260505ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/710a4ce5d7afd9fe082c75dec282ab4a11c0fe71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9532501e0f1b200ea80baa0e33e0b06da10bb271","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c8369a6d62f5abde9cbd4b62c45bf4b996be2468","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dea5fcf085f977b6c2de1b2d4ec
4767b6c840d1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7826bc0b39928a4a22f6b815dd9940b22a63503","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa48d3ea9cdbfb28c1fd6756c6c5cd01351aa51e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43084","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:21.610","lastModified":"2026-05-20T23:06:46.363","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: make hash table per queue\n\nSharing a global hash table among all queues is tempting, but\nit can cause crash:\n\nBUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue]\n[..]\n nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue]\n nfnetlink_rcv_msg+0x46a/0x930\n kmem_cache_alloc_node_noprof+0x11e/0x450\n\nstruct nf_queue_entry is freed via kfree, but parallel cpu can still\nencounter such an nf_queue_entry when walking the list.\n\nAlternative fix is to free the nf_queue_entry via kfree_rcu() instead,\nbut as we have to alloc/free for each skb this will cause more 
mem\npressure."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.75","versionEndExcluding":"6.12.83","matchCriteriaId":"E1A21D87-0999-4B99-8C46-E845E91596BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.14","versionEndExcluding":"6.18.24","matchCriteriaId":"F1EF34AA-110D-41A4-A945-0F3F8D525789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.4","versionEndExcluding":"6.19.14","matchCriteriaId":"92491DD1-C41C-4797-A5EB-8523985265BA"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/22730cb96093b5be0609063bbb1923dbecd61252","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41e3652a178cb0eecd48e0e6e27fbb73a004046a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/936206e3f6ff411581e615e930263d6f8b78df9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e5ebef91120d2764aefe557c3a484b6288f341f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-44916","sourceIdentifier":"cve@mitre.org","published":"2026-05-08T07:16:29.163","lastModi
fied":"2026-05-20T16:16:25.813","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N","baseScore":3.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2148307","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-012.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/11/7","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-43378","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:48.990","lastModified":"2026-05-20T17:16:22.783","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix use-after-free in smb2_open()\n\nThe opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is\ndereferenced after rcu_read_unlock(), creating a 
use-after-free\nwindow."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.167","matchCriteriaId":"54D2788B-5D8B-4E8C-A8AD-0650F3F1B069"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"
6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/190e5f808e8058640b408ccfed25440b441a718a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e689a56173827669a35da7cb2a3c78ed5c53680","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/54b48ae83de8bb06e65079d96368efe359d4909c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8f5b1a7cb009a93c48e9e334a2f59a660f9afc07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b720c84087cb547f23ce03eab93568c1769e4556","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1b21e6066615e7d3d3a7aa2677e415e563fd7cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43380","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:49.207","lastModified":"2026-05-20T17:16:22.927","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read\n\nThe q54sj108a2_debugfs_read function suffers from a stack buffer overflow\ndue to incorrect arguments passed to bin2hex(). 
The function currently\npasses 'data' as the destination and 'data_char' as the source.\n\nBecause bin2hex() converts each input byte into two hex characters, a\n32-byte block read results in 64 bytes of output. Since 'data' is only\n34 bytes (I2C_SMBUS_BLOCK_MAX + 2), this writes 30 bytes past the end\nof the buffer onto the stack.\n\nAdditionally, the arguments were swapped: it was reading from the\nzero-initialized 'data_char' and writing to 'data', resulting in\nall-zero output regardless of the actual I2C read.\n\nFix this by:\n1. Expanding 'data_char' to 66 bytes to safely hold the hex output.\n2. Correcting the bin2hex() argument order and using the actual read count.\n3. Using a pointer to select the correct output buffer for the final\n   simple_read_from_buffer call."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15
.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/24a7b9daa103fa963b3fd37d8805b23e01621976","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/25dd70a03b1f5f3aa71e1a5091ecd9cd2a13ee43","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52db5ef163c96f916d424e472fb17aadc35a9f7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/73a7a345816946d276ad2c46c8bb771de67cfc46","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0fc1b9c738fba231f19
0ab960c83202722efee5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b48a0f8d4541a4f6651dc9a64430ce9fdf5c120b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c59090c50f62a17129fc4c5407bc4071305a9e82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43424","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.497","lastModified":"2026-05-20T18:37:33.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling\n\nThe `tpg->tpg_nexus` pointer in the USB Target driver is dynamically\nmanaged and tied to userspace configuration via ConfigFS. It can be\nNULL if the USB host sends requests before the nexus is fully\nestablished or immediately after it is dropped.\n\nCurrently, functions like `bot_submit_command()` and the data\ntransfer paths retrieve `tv_nexus = tpg->tpg_nexus` and immediately\ndereference `tv_nexus->tvn_se_sess` without any validation. If a\nmalicious or misconfigured USB host sends a BOT (Bulk-Only Transport)\ncommand during this race window, it triggers a NULL pointer\ndereference, leading to a kernel panic (local DoS).\n\nThis exposes an inconsistent API usage within the module, as peer\nfunctions like `usbg_submit_command()` and `bot_send_bad_response()`\ncorrectly implement a NULL check for `tv_nexus` before proceeding.\n\nFix this by bringing consistency to the nexus handling. 
Add the\nmissing `if (!tv_nexus)` checks to the vulnerable BOT command and\nrequest processing paths, aborting the command gracefully with an\nerror instead of crashing the system."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.10.253","matchCriteriaId":"69A57346-D8E9-487F-A201-B8C0896B3D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.167","matchCriteriaId":"56D62904-7C85-4BED-9EC0-3982B880F72D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{
"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2a2ef846a54a06c33b5c2d4b0d918583e1e7c0b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d309b37633c4a847fc149939a2c9576f1aa1065","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/679d9535aeb15c10bce89c44102004b96624d706","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9b26d7f3aa288cfa54a7bc68612bab1f153f156","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9fde507355342a2d64225d582dc8b98ff5ecb19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d146f27758049fa55ae4c53785a852d3cf7a18d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f962ca3b020e13d6714f27e8c36fe742441c58d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43425","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.620","lastModified":"2026-05-20T18:35:46.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: image: mdc800: kill download URB on timeout\n\nmdc800_device_read() 
submits download_urb and waits for completion.\nIf the timeout fires and the device has not responded, the function\nreturns without killing the URB, leaving it active.\n\nA subsequent read() resubmits the same URB while it is still\nin-flight, triggering the WARN in usb_submit_urb():\n\n  \"URB submitted while active\"\n\nCheck the return value of wait_event_timeout() and kill the URB if\nit indicates timeout, ensuring the URB is complete before its status\nis inspected or the URB is resubmitted.\n\nSimilar to\n- commit 372c93131998 (\"USB: yurex: fix control-URB timeout handling\")\n- commit b98d5000c505 (\"media: rc: iguanair: handle timeouts\")"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6
.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*","matchCriteriaId":"8CFD5CDD-1709-44C7-82BD-BAFDC46990D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:
linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/15536f6c15f48037a1672cbdea53266d67861ff6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/155f471e38aa516f6c58c2ae03ca3dc222fa2fdb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1be3b77de4eb89af8ae2fd6610546be778e25589","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bf877cc67309b2a063b0087c3ad8585fb11cec3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9fa5a49760979ba016506fe292a431c8b83f043e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7fed917f84e484e06c5e9926746d0b524e3a93e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc7398447810c9450c90d092efe9997569f8d96f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d4a400a6a4c4d49f77a04a3f401df5ae1a10657c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43426","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.740","lastModified":"2026-05-20T18:32:36.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: fix use-after-free in ISR during device removal\n\nIn usbhs_remove(), the driver frees resources (including the pipe array)\nwhile the interrupt handler (usbhs_interrupt) is still registered. 
If an\ninterrupt fires after usbhs_pipe_remove() but before the driver is fully\nunbound, the ISR may access freed memory, causing a use-after-free.\n\nFix this by calling devm_free_irq() before freeing resources. This ensures\nthe interrupt handler is both disabled and synchronized (waits for any\nrunning ISR to complete) before usbhs_pipe_remove() is called."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.10.253","matchCriteriaId":"4EA1E395-3D36-46C1-A53B-5DC1BFA1D52E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":tru
e,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b7d11fd6e742ecc0b1eca44b4f0b93140c74bae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1899edac312ef17a7234851686e8a703f56d0a84","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3cbc242b88c607f55da3d0d0d336b49bf1e20412","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/51afaf919bbaacdd9cc9e146033ae0a743a42dd7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6287e0c01ccb818e7214f88d885ffb7c9e81b0e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ffe44f022c95b1b29c691d2169c5abc046f7580","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c6159d5b72d5fc265cce5da04f27d730b552e69","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"htt
ps://git.kernel.org/stable/c/c7012fc73dab4829404fedeeaa8531f12ac8545f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43427","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.867","lastModified":"2026-05-20T18:29:41.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: class: cdc-wdm: fix reordering issue in read code path\n\nQuoting the bug report:\n\nDue to compiler optimization or CPU out-of-order execution, the\ndesc->length update can be reordered before the memmove. If this\nhappens, wdm_read() can see the new length and call copy_to_user() on\nuninitialized memory. This also violates LKMM data race rules [1].\n\nFix it by using WRITE_ONCE and memory barriers."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F7C4E68-B5A8-416F-9E9E-9E29289DF9DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.
16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:-:*:*:*:*:*:*","matchCriteriaId":"2904D4F1-8EE3-49BD-8EA8-5C7FA05E28F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:rc4:*:*:*:*:*:*","matchCriteriaId":"12D0C03A-7D30-485F-8431-638918FE9658"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:rc5:*:*:*:*:*:*","matchCriteriaId":"8B8E0DDC-7566-4EF9-9A8F-B1870CA83144"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:rc6:*:*:*:*:*:*","matchCriteriaId":"764777FB-FD1E-4930-899C-AC5D2DF293E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:rc7:*:*:*:*:*:*","matchCriteriaId":"95461D7E-A080-4B9E-BC72-6BDBC1C1A447"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:rc8:*:*:*:*:*:*","matchCriteriaId":"D913E879-38EC-46AE-9F20-5D3E5F2CDCC2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.26:rc9:*:*:*:*:*:*","matchCriteriaId":"B264E869-1A6C-4D85-9944-2E4EB523CD82"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A
7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/170e8daca24da6edb4be82ab01abf44e87af387b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/276aef0fd2b92f41b920ac891c72cadeee957934","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ee3062bf2c9a722afef429826e8607eaf3fc6a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/638328ca9c17ae6511ad62198c57bae32ffa3c91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67ed312124bb1b61858778ac0b985b48961c862a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8df672bfe3ec2268c2636584202755898e547173","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c8fa96ed021923dae147bcd9f9205b8df7b82360","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3c874b05901dc519054b5107d16620e6d2b5fea","source":"416ba
aa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43428","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.990","lastModified":"2026-05-20T18:26:17.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Limit the length of unkillable synchronous timeouts\n\nThe usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in\nusbcore allow unlimited timeout durations.  And since they use\nuninterruptible waits, this leaves open the possibility of hanging a\ntask for an indefinitely long time, with no way to kill it short of\nunplugging the target device.\n\nTo prevent this sort of problem, enforce a maximum limit on the length\nof these unkillable timeouts.  The limit chosen here, somewhat\narbitrarily, is 60 seconds.  On many systems (although not all) this\nis short enough to avoid triggering the kernel's hung-task detector.\n\nIn addition, clear up the ambiguity of negative timeout values by\ntreating them the same as 0, i.e., using the maximum allowed 
timeout."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E
825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/06d2bbc4c66c6b0e8a43728c4949026026a5be67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1015c27a5e1a63efae2b18a9901494474b4d1dc3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24b31a227f679a942d820840a4dea7f0c09a387f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2d34cb4d1d6283b4be9c78f4a83ed6956d3069ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e86f5b79e62ded7e3c3ebd688cf5775e618148a","sour
ce":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/64f3d75633aedc12bdff220e9a4337177430bd9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/659c0c7d50a4b0f6aa197c4c098cfd91daf63862","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c62935670acdbb7687ced20494923b66fbb0367","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43429","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:55.117","lastModified":"2026-05-20T18:23:12.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts\n\nThe usbtmc driver accepts timeout values specified by the user in an\nioctl command, and uses these timeouts for some usb_bulk_msg() calls.\nSince the user can specify arbitrarily long timeouts and\nusb_bulk_msg() uses unkillable waits, call usb_bulk_msg_killable()\ninstead to avoid the possibility of the user hanging a kernel 
thread\nindefinitely."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.253","matchCriteriaId":"A8DA957C-C958-43FF-BB9F-975A326709F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCrite
riaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0535f84cb94c9d8bcba0a2a5b3fac81b7d97235d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/39bd4097292fd8564cf2cfba9356f8ab11e38d12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6cb7dc91f057dd8ce44f6caa2995d8e22784ed0a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/72c0a063489be183cfb99e7050aaef503bdb6449","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7784caa413a89487dd14dd5c41db8753483b2acb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7fa72c369c23c27d1f64883c1e276af950557fb1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d4f1c45bdff3f393f9ab7e76795901c442b9eb76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e14a0dcdf468c3ad616bb06696c7c64c36e736d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43430","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:55.243","lastModified":"2026-05-20T18:22:23.643","vulnStatus":"Analyzed",
"cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: yurex: fix race in probe\n\nThe bbu member of the descriptor must be set to the value\nstanding for uninitialized values before the URB whose\ncompletion handler sets bbu is submitted. Otherwise there is\na window during which probing can overwrite already retrieved\ndata."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37","versionEndExcluding":"5.10.253","matchCriteriaId":"23DA880E-FDBB-47BB-9873-3304EF86B098"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B19
6-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3cec135415a89723e2d38e1c8cc5098203355965","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/687d26d43a5aaf44323ce7d601cf242bb87e9559","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7a875c09899ba0404844abfd8f0d54cdc481c151","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/939e3d17b843b0bae70467fef4481069d73c8520","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Pat
ch"]},{"url":"https://git.kernel.org/stable/c/a41d3d9202e951995cfac6248c565423079c71fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a7934d7202a39c3160aa30521c382c7b744ae4a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8b3b3d730acea1640bc89465f2832cf06a1e13a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af83e92c329f11139d5eea2b5b7b83c26c3f67e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43431","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:55.367","lastModified":"2026-05-20T18:21:21.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix NULL pointer dereference when reading portli debugfs files\n\nMichal reported and debugged a NULL pointer dereference bug in the\nrecently added portli debugfs files\n\nOops is caused when there are more port registers counted in\nxhci->max_ports than ports reported by Supported Protocol capabilities.\nThis is possible if max_ports is more than maximum port number, or\nif there are gaps between ports of different speeds the 'Supported\nProtocol' capabilities.\n\nIn such cases port->rhub will be NULL so we can't reach xhci behind it.\nAdd an explicit NULL check for this case, and print portli in hex\nwithout dereferencing 
port->rhub."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9c8bef223c6e991276188d30d74bdb2cbd8be652","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae4ff9dead5efa2025eddfcdb29411432bf40a7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43432","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:55.470","lastModified":"2026-05-20T18:18:34.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following 
vulnerability has been resolved:\n\nusb: xhci: Fix memory leak in xhci_disable_slot()\n\nxhci_alloc_command() allocates a command structure and, when the\nsecond argument is true, also allocates a completion structure.\nCurrently, the error handling path in xhci_disable_slot() only frees\nthe command structure using kfree(), causing the completion structure\nto leak.\n\nUse xhci_free_command() instead of kfree(). xhci_free_command() correctly\nfrees both the command structure and the associated completion structure.\nSince the command structure is allocated with zero-initialization,\ncommand->in_ctx is NULL and will not be erroneously freed by\nxhci_free_command().\n\nThis bug was found using an experimental static analysis tool we are\ndeveloping. The tool is based on the LLVM framework and is specifically\ndesigned to detect memory management issues. It is currently under\nactive development and not yet publicly available, but we plan to\nopen-source it after our research is published.\n\nThe bug was originally detected on v6.13-rc1 using our static analysis\ntool, and we have verified that the issue persists in the latest mainline\nkernel.\n\nWe performed build testing on x86_64 with allyesconfig using GCC=11.4.0.\nSince triggering these error paths in xhci_disable_slot() requires specific\nhardware conditions or abnormal state, we were unable to construct a test\ncase to reliably trigger these specific error paths at 
runtime."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.221","versionEndExcluding":"4.20","matchCriteriaId":"901C8646-1860-4CD8-B70D-C02E4CAD5E2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.165","versionEndExcluding":"5.5","matchCriteriaId":"86894268-9F63-47BD-A035-219EBC359D4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.85","versionEndExcluding":"5.10.253","matchCriteriaId":"C5B6032E-F367-42A0-9B64-BE8D27AA93C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.8","versionEndExcluding":"5.15.203","matchCriteriaId":"67ECAE40-42E2-489F-9E3A-EE55CD5D9A2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591
F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/078b446efc0f5e496c31bccb72b98af979963a83","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e800e26d54ccf2ddf2ea6d6cbe021c804d8aa62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2e2baa8fb5aa4d080cbfeb84c51eff797529f413","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/46aea90763832cd6e9b0c2e1c00e6a9512156d4b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6288baf0c8c4dcfbf206773aede9c1f2269cec28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/807e4fb5140c73eb5dba1e399a990db5c1f3cdf8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1c8550e70401159184130a1afc6261db01fc0ce","source":"416baaa9-dc9f-439
6-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c65f1b840ab8ce72ba68f1b63bab7960f8fdfa89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43454","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.160","lastModified":"2026-05-20T18:04:47.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix for duplicate device in netdev hooks\n\nWhen handling NETDEV_REGISTER notification, duplicate device\nregistration must be avoided since the device may have been added by\nnft_netdev_hook_alloc() already when creating the hook."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.19","matchCriteriaId":"F7766422-FDBE-437C-8710-C7F7094B8844"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linu
x:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2041cdb078041611510fc189410bc70b29f688fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d2a95c6890577cc3eab2b20018e16850d7fb094","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7cdc5a97d02c943f4bdde4d5767ad0c13cad92b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43455","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.263","lastModified":"2026-05-20T18:04:20.973","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: route: hold key->lock in mctp_flow_prepare_output()\n\nmctp_flow_prepare_output() checks key->dev and may call\nmctp_dev_set_key(), but it does not hold key->lock while doing so.\n\nmctp_dev_set_key() and mctp_dev_release_key() are annotated with\n__must_hold(&key->lock), so key->dev access is intended to be\nserialized by key->lock. 
The mctp_sendmsg() transmit path reaches\nmctp_flow_prepare_output() via mctp_local_output() -> mctp_dst_output()\nwithout holding key->lock, so the check-and-set sequence is racy.\n\nExample interleaving:\n\n  CPU0                                  CPU1\n  ----                                  ----\n  mctp_flow_prepare_output(key, devA)\n    if (!key->dev)  // sees NULL\n                                        mctp_flow_prepare_output(\n                                            key, devB)\n                                          if (!key->dev)  // still NULL\n                                          mctp_dev_set_key(devB, key)\n                                            mctp_dev_hold(devB)\n                                            key->dev = devB\n    mctp_dev_set_key(devA, key)\n      mctp_dev_hold(devA)\n      key->dev = devA   // overwrites devB\n\nNow both devA and devB references were acquired, but only the final\nkey->dev value is tracked for release. One reference can be lost,\ncausing a resource leak as mctp_dev_release_key() would only decrease\nthe reference on one dev.\n\nFix by taking key->lock around the key->dev check and\nmctp_dev_set_key() 
call."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCr
iteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0695712f3a6f1a48915f95767cfb42077683dcdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47893166bc5611ee9a20de6b8d2933b2320fb772","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d86aa41c073c4e7eb75fd2e674f1fd8f289728a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86f5334fcb48a5b611c33364ab52ca684d0f6d91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d27d9b260dd19c1b519e1a13de6448f9984e30e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/925a5ffd99cddd7a7e41d5ad120c7a2c6d50260f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43456","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.387","lastModified":"2026-05-20T18:03:53.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix type confusion in bond_setup_by_slave()\n\nkernel BUG at net/core/skbuff.c:2306!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nRIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306\nRSP: 0018:ffffc90004aff760 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff88807e3c8780 RCX: ffffffff89593e0e\nRDX: ffff88807b7c4900 RSI: ffffffff89594747 RDI: ffff88807b7c4900\nRBP: 0000000000000820 R08: 0000000000000005 R09: 0000000000000000\nR10: 00000000961a63e0 R11: 0000000000000000 R12: ffff88807e3c8780\nR13: 00000000961a6560 R14: dffffc0000000000 R15: 00000000961a63e0\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe1a0ed8df0 CR3: 000000002d816000 CR4: 00000000003526f0\nCall Trace:\n 
<TASK>\n ipgre_header+0xdd/0x540 net/ipv4/ip_gre.c:900\n dev_hard_header include/linux/netdevice.h:3439 [inline]\n packet_snd net/packet/af_packet.c:3028 [inline]\n packet_sendmsg+0x3ae5/0x53c0 net/packet/af_packet.c:3108\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg net/socket.c:742 [inline]\n ____sys_sendmsg+0xa54/0xc30 net/socket.c:2592\n ___sys_sendmsg+0x190/0x1e0 net/socket.c:2646\n __sys_sendmsg+0x170/0x220 net/socket.c:2678\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe1a0e6c1a9\n\nWhen a non-Ethernet device (e.g. GRE tunnel) is enslaved to a bond,\nbond_setup_by_slave() directly copies the slave's header_ops to the\nbond device:\n\n    bond_dev->header_ops = slave_dev->header_ops;\n\nThis causes a type confusion when dev_hard_header() is later called\non the bond device. Functions like ipgre_header(), ip6gre_header(),all use\nnetdev_priv(dev) to access their device-specific private data. When\ncalled with the bond device, netdev_priv() returns the bond's private\ndata (struct bonding) instead of the expected type (e.g. struct\nip_tunnel), leading to garbage values being read and kernel crashes.\n\nFix this by introducing bond_header_ops with wrapper functions that\ndelegate to the active slave's header_ops using the slave's own\ndevice. 
This ensures netdev_priv() in the slave's header functions\nalways receives the correct device.\n\nThe fix is placed in the bonding driver rather than individual device\ndrivers, as the root cause is bond blindly inheriting header_ops from\nthe slave without considering that these callbacks expect a specific\nnetdev_priv() layout.\n\nThe type confusion can be observed by adding a printk in\nipgre_header() and running the following commands:\n\n    ip link add dummy0 type dummy\n    ip addr add 10.0.0.1/24 dev dummy0\n    ip link set dummy0 up\n    ip link add gre1 type gre local 10.0.0.1\n    ip link add bond1 type bond mode active-backup\n    ip link set gre1 master bond1\n    ip link set gre1 up\n    ip link set bond1 up\n    ip addr add fe80::1/64 dev bond1"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24","versionEndExcluding":"6.12.78","matchCriteriaId":"227D062B-E2ED-4370-867F-E543B0F2C78E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4F
D3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6ac890f1d60ac3707ee8dae15a67d9a833e49956","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/950803f7254721c1c15858fbbfae3deaaeeecb11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95597d11dc8bddb2b9a051c9232000bfbb5e43ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43460","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.880","lastModified":"2026-05-20T18:50:11.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip-sfc: Fix double-free in remove() callback\n\nThe driver uses devm_spi_register_controller() for registration, which\nautomatically unregisters the controller via devm cleanup when the\ndevice is removed. 
The manual call to spi_unregister_controller() in\nthe remove() callback can lead to a double-free.\n\nAnd to make sure controller is unregistered before DMA buffer is\nunmapped, switch to use spi_register_controller() in probe()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.19","matchCriteriaId":"7484E98E-61F0-4DCE-9DBF-83D2F75F99EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/111e2863372c322e836e0c896f6dd9cf4ee08c71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85fb53351e6a3b921357a2178671e847a087e400","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"htt
ps://git.kernel.org/stable/c/b6051f2bdd4bd3dde85b68558edd3a6843489221","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43461","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.977","lastModified":"2026-05-20T18:41:12.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic: spifc-a4: Fix DMA mapping error handling\n\nFix three bugs in aml_sfc_dma_buffer_setup() error paths:\n1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails,\n   nothing needs cleanup. Use direct return instead of goto.\n2. Double-unmap bug: When info DMA mapping failed, the code would\n   unmap sfc->daddr inline, then fall through to out_map_data which\n   would unmap it again, causing a double-unmap.\n3. Wrong unmap size: The out_map_info label used datalen instead of\n   infolen when unmapping sfc->iaddr, which could lead to incorrect\n   DMA sync 
behavior."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.19","matchCriteriaId":"4B3A7D3C-8D62-43DB-ADD2-83F0634E4C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a83d6c9e149a176340190fa9cbadf2266db4c9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b20b437666e1cb26a7c499d1664e8f2a0ac67000","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0b88f1176074f80140ed77fce909f254b7180ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43462","sourceIdentifier"
:"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.080","lastModified":"2026-05-20T18:40:51.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: spacemit: Fix error handling in emac_tx_mem_map()\n\nThe DMA mappings were leaked on mapping error. Free them with the\nexisting emac_free_tx_buf() function."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.19","matchCriteriaId":"4B3A7D3C-8D62-43DB-ADD2-83F0634E4C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/86292155bea578ebab0ca3b65d4d87ecd8
a0e9ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c34ebd7b24ea70be3c6fdb6936f79f593f37df60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/edeaba385318f60ec1b32470da4d5eb800294d16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43463","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.183","lastModified":"2026-05-20T18:39:59.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()\n\nrxrpc_kernel_lookup_peer() can also return error pointers in addition to\nNULL, so just checking for NULL is not sufficient.\n\nFix this by:\n\n (1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL\n     on allocation failure.\n\n (2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the\n     error code 
returned."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.3","versionEndExcluding":"6.8","matchCriteriaId":"20F5F360-294D-4182-AC38-2F032FA57B3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.18.19","matchCriteriaId":"757358ED-CB5E-401C-9CA4-AB514EFDC61C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4245a79003adf30e67f8e9060915bd05cb31d142","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/54331c5dcc6d97683d7ca2788e7ef9c9505e1477","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stabl
e/c/d55fa7cd4b19ba91b34b307d769c149e56ad0a75","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43464","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.283","lastModified":"2026-05-20T18:39:13.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ\n\nXDP multi-buf programs can modify the layout of the XDP buffer when the\nprogram calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). The\nreferenced commit in the fixes tag corrected the assumption in the mlx5\ndriver that the XDP buffer layout doesn't change during a program\nexecution. However, this fix introduced another issue: the dropped\nfragments still need to be counted on the driver side to avoid page\nfragment reference counting issues.\n\nSuch issue can be observed with the\ntest_xdp_native_adjst_tail_shrnk_data selftest when using a payload of\n3600 and shrinking by 256 bytes (an upcoming selftest patch): the last\nfragment gets released by the XDP code but doesn't get tracked by the\ndriver. 
This results in a negative pp_ref_count during page release and\nthe following splat:\n\n  WARNING: include/net/page_pool/helpers.h:297 at mlx5e_page_release_fragmented.isra.0+0x4a/0x50 [mlx5_core], CPU#12: ip/3137\n  Modules linked in: [...]\n  CPU: 12 UID: 0 PID: 3137 Comm: ip Not tainted 6.19.0-rc3+ #12 NONE\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:mlx5e_page_release_fragmented.isra.0+0x4a/0x50 [mlx5_core]\n  [...]\n  Call Trace:\n   <TASK>\n   mlx5e_dealloc_rx_wqe+0xcb/0x1a0 [mlx5_core]\n   mlx5e_free_rx_descs+0x7f/0x110 [mlx5_core]\n   mlx5e_close_rq+0x50/0x60 [mlx5_core]\n   mlx5e_close_queues+0x36/0x2c0 [mlx5_core]\n   mlx5e_close_channel+0x1c/0x50 [mlx5_core]\n   mlx5e_close_channels+0x45/0x80 [mlx5_core]\n   mlx5e_safe_switch_params+0x1a5/0x230 [mlx5_core]\n   mlx5e_change_mtu+0xf3/0x2f0 [mlx5_core]\n   netif_set_mtu_ext+0xf1/0x230\n   do_setlink.isra.0+0x219/0x1180\n   rtnl_newlink+0x79f/0xb60\n   rtnetlink_rcv_msg+0x213/0x3a0\n   netlink_rcv_skb+0x48/0xf0\n   netlink_unicast+0x24a/0x350\n   netlink_sendmsg+0x1ee/0x410\n   __sock_sendmsg+0x38/0x60\n   ____sys_sendmsg+0x232/0x280\n   ___sys_sendmsg+0x78/0xb0\n   __sys_sendmsg+0x5f/0xb0\n   [...]\n   do_syscall_64+0x57/0xc50\n\nThis patch fixes the issue by doing page frag counting on all the\noriginal XDP buffer fragments for all relevant XDP actions (XDP_TX ,\nXDP_REDIRECT and XDP_PASS). 
This is basically reverting to the original\ncounting before the commit in the fixes tag.\n\nAs frag_page is still pointing to the original tail, the nr_frags\nparameter to xdp_update_skb_frags_info() needs to be calculated\nin a different way to reflect the new nr_frags."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.115","versionEndExcluding":"6.7","matchCriteriaId":"E81F0DE3-D6B1-41D7-B6E1-1B9D9E102EFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.56","versionEndExcluding":"6.13","matchCriteriaId":"6635FA2E-5F6F-4D2C-8880-447F4C4951B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.6","versionEndExcluding":"6.18","matchCriteriaId":"8B7EFF9F-4A45-4CD5-85D2-F68BD7D7F5B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.1","versionEndExcluding":"6.18.19","matchCriteriaId":"6F718F75-20D5-4D17-B698-1D1BD5FDE294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:
*:*:*:*","matchCriteriaId":"DCE57113-2223-4308-A0F2-5E6ECFBB3C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc3:*:*:*:*:*:*","matchCriteriaId":"26CA425A-E44F-49D2-92D9-1DDD56398440"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc4:*:*:*:*:*:*","matchCriteriaId":"BEEBB43A-4C9F-46BE-AA6D-9DBFD2244E55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc5:*:*:*:*:*:*","matchCriteriaId":"2545FB83-C4A6-4F62-9ED1-09F75D2E3C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc6:*:*:*:*:*:*","matchCriteriaId":"E955EC5D-4684-4B5D-AE4D-F2BF9ADDBA1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*","matchCriteriaId":"38C4D89F-9A13-4D29-8645-C9785C142C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03cb50e5b74fce8bf6d92b860371b66253cf0f8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6413e6f6c9d9bb9833324cb3753582f7bc0f2fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c74557495efb4bd0adefdfc8678ecdbc82a06da3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43465","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.410","lastModified":"2026-05-20T18:38:06.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: RX, Fix XDP multi-buf 
frag counting for striding RQ\n\nXDP multi-buf programs can modify the layout of the XDP buffer when the\nprogram calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). The\nreferenced commit in the fixes tag corrected the assumption in the mlx5\ndriver that the XDP buffer layout doesn't change during a program\nexecution. However, this fix introduced another issue: the dropped\nfragments still need to be counted on the driver side to avoid page\nfragment reference counting issues.\n\nThe issue was discovered by the drivers/net/xdp.py selftest,\nmore specifically the test_xdp_native_tx_mb:\n- The mlx5 driver allocates a page_pool page and initializes it with\n  a frag counter of 64 (pp_ref_count=64) and the internal frag counter\n  to 0.\n- The test sends one packet with no payload.\n- On RX (mlx5e_skb_from_cqe_mpwrq_nonlinear()), mlx5 configures the XDP\n  buffer with the packet data starting in the first fragment which is the\n  page mentioned above.\n- The XDP program runs and calls bpf_xdp_pull_data() which moves the\n  header into the linear part of the XDP buffer. As the packet doesn't\n  contain more data, the program drops the tail fragment since it no\n  longer contains any payload (pp_ref_count=63).\n- mlx5 device skips counting this fragment. 
Internal frag counter\n  remains 0.\n- mlx5 releases all 64 fragments of the page but page pp_ref_count is\n  63 => negative reference counting error.\n\nResulting splat during the test:\n\n  WARNING: CPU: 0 PID: 188225 at ./include/net/page_pool/helpers.h:297 mlx5e_page_release_fragmented.isra.0+0xbd/0xe0 [mlx5_core]\n  Modules linked in: [...]\n  CPU: 0 UID: 0 PID: 188225 Comm: ip Not tainted 6.18.0-rc7_for_upstream_min_debug_2025_12_08_11_44 #1 NONE\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:mlx5e_page_release_fragmented.isra.0+0xbd/0xe0 [mlx5_core]\n  [...]\n  Call Trace:\n   <TASK>\n   mlx5e_free_rx_mpwqe+0x20a/0x250 [mlx5_core]\n   mlx5e_dealloc_rx_mpwqe+0x37/0xb0 [mlx5_core]\n   mlx5e_free_rx_descs+0x11a/0x170 [mlx5_core]\n   mlx5e_close_rq+0x78/0xa0 [mlx5_core]\n   mlx5e_close_queues+0x46/0x2a0 [mlx5_core]\n   mlx5e_close_channel+0x24/0x90 [mlx5_core]\n   mlx5e_close_channels+0x5d/0xf0 [mlx5_core]\n   mlx5e_safe_switch_params+0x2ec/0x380 [mlx5_core]\n   mlx5e_change_mtu+0x11d/0x490 [mlx5_core]\n   mlx5e_change_nic_mtu+0x19/0x30 [mlx5_core]\n   netif_set_mtu_ext+0xfc/0x240\n   do_setlink.isra.0+0x226/0x1100\n   rtnl_newlink+0x7a9/0xba0\n   rtnetlink_rcv_msg+0x220/0x3c0\n   netlink_rcv_skb+0x4b/0xf0\n   netlink_unicast+0x255/0x380\n   netlink_sendmsg+0x1f3/0x420\n   __sock_sendmsg+0x38/0x60\n   ____sys_sendmsg+0x1e8/0x240\n   ___sys_sendmsg+0x7c/0xb0\n   [...]\n   __sys_sendmsg+0x5f/0xb0\n   do_syscall_64+0x55/0xc70\n\nThe problem applies for XDP_PASS as well which is handled in a different\ncode path in the driver.\n\nThis patch fixes the issue by doing page frag counting on all the\noriginal XDP buffer fragments for all relevant XDP actions (XDP_TX ,\nXDP_REDIRECT and XDP_PASS). 
This is basically reverting to the original\ncounting before the commit in the fixes tag.\n\nAs frag_page is still pointing to the original tail, the nr_frags\nparameter to xdp_update_skb_frags_info() needs to be calculated\nin a different way to reflect the new nr_frags."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.115","versionEndExcluding":"6.7","matchCriteriaId":"E81F0DE3-D6B1-41D7-B6E1-1B9D9E102EFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.56","versionEndExcluding":"6.13","matchCriteriaId":"6635FA2E-5F6F-4D2C-8880-447F4C4951B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.6","versionEndExcluding":"6.18","matchCriteriaId":"8B7EFF9F-4A45-4CD5-85D2-F68BD7D7F5B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.1","versionEndExcluding":"6.18.19","matchCriteriaId":"6F718F75-20D5-4D17-B698-1D1BD5FDE294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:-:*
:*:*:*:*:*","matchCriteriaId":"DCE57113-2223-4308-A0F2-5E6ECFBB3C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc3:*:*:*:*:*:*","matchCriteriaId":"26CA425A-E44F-49D2-92D9-1DDD56398440"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc4:*:*:*:*:*:*","matchCriteriaId":"BEEBB43A-4C9F-46BE-AA6D-9DBFD2244E55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc5:*:*:*:*:*:*","matchCriteriaId":"2545FB83-C4A6-4F62-9ED1-09F75D2E3C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc6:*:*:*:*:*:*","matchCriteriaId":"E955EC5D-4684-4B5D-AE4D-F2BF9ADDBA1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*","matchCriteriaId":"38C4D89F-9A13-4D29-8645-C9785C142C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/043bd62f748bc9fd98154037aa598cffbd3c667c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d7342a18fadcdb70a63b3c930dc63528ce51832","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db25c42c2e1f9c0d136420fff5e5700f7e771a6f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43471","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:17:00.193","lastModified":"2026-05-20T18:25:59.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix possible 
NULL pointer dereference in ufshcd_add_command_trace()\n\nThe kernel log indicates a crash in ufshcd_add_command_trace, due to a NULL\npointer dereference when accessing hwq->id.  This can happen if\nufshcd_mcq_req_to_hwq() returns NULL.\n\nThis patch adds a NULL check for hwq before accessing its id field to\nprevent a kernel crash.\n\nKernel log excerpt:\n[<ffffffd5d192dc4c>] notify_die+0x4c/0x8c\n[<ffffffd5d1814e58>] __die+0x60/0xb0\n[<ffffffd5d1814d64>] die+0x4c/0xe0\n[<ffffffd5d181575c>] die_kernel_fault+0x74/0x88\n[<ffffffd5d1864db4>] __do_kernel_fault+0x314/0x318\n[<ffffffd5d2a3cdf8>] do_page_fault+0xa4/0x5f8\n[<ffffffd5d2a3cd34>] do_translation_fault+0x34/0x54\n[<ffffffd5d1864524>] do_mem_abort+0x50/0xa8\n[<ffffffd5d2a297dc>] el1_abort+0x3c/0x64\n[<ffffffd5d2a29718>] el1h_64_sync_handler+0x44/0xcc\n[<ffffffd5d181133c>] el1h_64_sync+0x80/0x88\n[<ffffffd5d255c1dc>] ufshcd_add_command_trace+0x23c/0x320\n[<ffffffd5d255bad8>] ufshcd_compl_one_cqe+0xa4/0x404\n[<ffffffd5d2572968>] ufshcd_mcq_poll_cqe_lock+0xac/0x104\n[<ffffffd5d11c7460>] ufs_mtk_mcq_intr+0x54/0x74 [ufs_mediatek_mod]\n[<ffffffd5d19ab92c>] __handle_irq_event_percpu+0xc8/0x348\n[<ffffffd5d19abca8>] handle_irq_event+0x3c/0xa8\n[<ffffffd5d19b1f0c>] handle_fasteoi_irq+0xf8/0x294\n[<ffffffd5d19aa778>] generic_handle_domain_irq+0x54/0x80\n[<ffffffd5d18102bc>] gic_handle_irq+0x1d4/0x330\n[<ffffffd5d1838210>] call_on_irq_stack+0x44/0x68\n[<ffffffd5d183af30>] do_interrupt_handler+0x78/0xd8\n[<ffffffd5d2a29c00>] el1_interrupt+0x48/0xa8\n[<ffffffd5d2a29ba8>] el1h_64_irq_handler+0x14/0x24\n[<ffffffd5d18113c4>] el1h_64_irq+0x80/0x88\n[<ffffffd5d2527fb4>] arch_local_irq_enable+0x4/0x1c\n[<ffffffd5d25282e4>] cpuidle_enter+0x34/0x54\n[<ffffffd5d195a678>] do_idle+0x1dc/0x2f8\n[<ffffffd5d195a7c4>] cpu_startup_entry+0x30/0x3c\n[<ffffffd5d18155c4>] secondary_start_kernel+0x134/0x1ac\n[<ffffffd5d18640bc>] 
__secondary_switched+0xc4/0xcc"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.41","versionEndExcluding":"6.6.130","matchCriteriaId":"26D3BD9B-33D9-4B3C-9FAA-E5BA5D7900AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.10","versionEndExcluding":"6.10","matchCriteriaId":"9B0E24EE-A06E-497B-BF65-1F0729D0A2C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.1","versionEndExcluding":"6.12.78","matchCriteriaId":"DC42FFE4-BBBB-48E5-AD62-DA7FEAD2DD43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*","matchCriteriaId":"9EA80796-744E-45F5-8632-2AB4F7889FCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0614f561
8c24fbc3d555efade22887b102ad7ad6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30df81f2228d65bddf492db3929d9fcaffd38fc5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/93b9e7ee9e93629db80bbc9dab8a874215b89ccf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be730f9ee92ae08f2bc4b336967bcfd8183c06fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f4f590c6c9df7453bbda2ef9170b1b09e42a124c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-4802","sourceIdentifier":"secalert@redhat.com","published":"2026-05-11T14:16:31.550","lastModified":"2026-05-20T21:16:17.973","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. 
This could result in a complete system compromise."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-4802","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451155","source":"secalert@redhat.com"},{"url":"https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/19","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-43995","sourceIdentifier":"security-advisories@github.com","published":"2026-05-11T18:16:37.660","lastModified":"2026-05-20T18:41:54.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2) WebScraperTool/WebScraperTool.ts, (3) MCP/core.ts, and (4) Arxiv/core.ts. 
This vulnerability is fixed in 3.1.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"secu
rity-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"CB30DB8F-4F72-4FD3-90FB-8331F1CBB78E"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-qqvm-66q4-vf5c","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-qqvm-66q4-vf5c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40367","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:15.760","lastModified":"2026-05-21T00:16:29.623","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-822"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*","matchCriteriaId":"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*"
,"matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*","matchCriteriaId":"EF3E56B5-E6A6-4061-9380-D421E52B9199"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20280","matchCriteriaId":"E9919927-DE08-4AE4-B9F6-2A83117EE14A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34645","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:35.423","lastModified":"2026-05-20T17:28:44.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. 
Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ado
be:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},
{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteria
Id":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:co
mmerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{
"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5
847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"
vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:
a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,
"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":
"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_
source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34646","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:35.560","lastModified":"2026-05-20T17:28:28.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. 
An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*
:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteri
a":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-841
4-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:
*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteri
a":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F3
2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cp
e:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:
*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB8
95-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF83
7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7
B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34647","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:35.677","lastModified":"2026-05-20T17:28:09.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side 
Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true
,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866
-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:
*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"
criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-4
86A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matc
hCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4
-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true
,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:
1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCr
iteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6
:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-34648","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:35.797","lastModified":"2026-05-20T17:27:51.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulne
rable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9
B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:comm
erce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulne
rable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141D
C3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","m
atchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-
9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce
_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteri
aId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:
open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"htt
ps://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34649","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:35.917","lastModified":"2026-05-20T17:13:54.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3
:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122
F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","ma
tchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.
3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0
D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C
-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:
commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchC
riteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B15
6ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8
292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:o
pen_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34650","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.033","lastModified":"2026-05-20T17:13:27.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*
:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"c
riteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-
4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:
*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":
true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:
commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*"
,"matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91B
E-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cp
e:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{
"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F
717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34651","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.150","lastModified":"2026-05-20T17:13:06.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E
5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:comm
erce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vul
nerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"
3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce
:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:co
mmerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*"
,"matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-
486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open
_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a
:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vul
nerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34652","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.273","lastModified":"2026-05-20T17:12:21.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:
adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3
"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCrite
riaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"
},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D
3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2
.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaI
d":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:op
en_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34653","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.387","lastModified":"2026-05-20T16:02:39.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in 
arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A
303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:
*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-
3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:
*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:
commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","
matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB
-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"
criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:mag
ento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true
,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34654","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.500","lastModified":"2026-05-20T16:02:13.963","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 
2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"v
ulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId"
:"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:co
mmerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vul
nerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"
6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*
:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227
-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"v
ulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adob
e:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:
*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:m
agento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-34655","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.607","lastModified":"2026-05-20T15:59:10.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"v
ulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId
":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:
commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"v
ulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"
141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*
","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4
038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnera
ble":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:comm
erce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCri
teriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:
*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":
"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34656","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.720","lastModified":"2026-05-20T15:58:41.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40
BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*
:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"
criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-4
2A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*
:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b
:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCrit
eriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8
B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria
":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_sourc
e:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34658","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:36.833","lastModified":"2026-05-20T15:50:05.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCriteriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteria
Id":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"
vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":
"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchC
riteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5
DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","matchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b
2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C1
0-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*
:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34685","sourceIdentifier":"psirt@adobe.com","published":"2026-05-12T20:16:38.480","lastModified":"2026-05-20T15:48:34.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"76AAB57F-7723-44E0-B91A-9F120C849AC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","matchCriteriaId":"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","matchCriteriaId":"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*","matchCriteriaId":"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*","matchCriteriaId":"68AAE162-5957-42AF-BE20-40F341837FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*","matchCriteriaId":"D9D01159-3309-4F6B-93B0-2D89DDD33DEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*","matchCriteriaId":"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*","matchCriteriaId":"8412C043-64E7-4DFF-A303-13A6FE113BFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*","matchCriteriaId":"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p16:*:*:*:*:*:*","matchCrit
eriaId":"00909C10-6C93-4735-94ED-18DCBD608A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p17:*:*:*:*:*:*","matchCriteriaId":"C6F35FE6-853D-4EC6-8A4F-07F4ABD6301A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","matchCriteriaId":"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","matchCriteriaId":"CFEBDDF2-6443-4482-83B2-3CD272CF599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*","matchCriteriaId":"6661093F-8D22-450F-BC6C-A8894A52E6A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*","matchCriteriaId":"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*","matchCriteriaId":"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*","matchCriteriaId":"6A56E96C-6CE5-442C-AA88-F0059B02B5E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*","matchCriteriaId":"8867F510-201C-4199-8554-53DE156CE669"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*","matchCriteriaId":"23988132-DD4E-4968-B6B8-954122F76081"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","matchCriteriaId":"9B07F7B2-E915-4EFF-8FFC-91143CEF082E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","matchCriteriaId":"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*","matchCriteriaId":"5764CC97-C866-415D-A3A1-5B5B9E1C06A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*","matchCriteriaId":"E82D10D8-2894-4E5B-B47B-F00964DD5CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*","matchCriteriaId":"B044F2D9-E888-4852-8A40-DCE688860ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adob
e:commerce:2.4.5:p13:*:*:*:*:*:*","matchCriteriaId":"6423C754-36F9-4680-9211-60940ED63E79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*","matchCriteriaId":"3472064A-8C79-436B-965A-96834AE8D346"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p15:*:*:*:*:*:*","matchCriteriaId":"CDA8ABEB-F955-4D34-8219-C518B49F5543"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p16:*:*:*:*:*:*","matchCriteriaId":"55D6A6BD-9E63-448A-A286-437EA1580CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","matchCriteriaId":"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*","matchCriteriaId":"B6318F97-E59A-4425-8DC7-045C78A644F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*","matchCriteriaId":"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*","matchCriteriaId":"54151A00-CFB8-4E6A-8E74-497CB67BF7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*","matchCriteriaId":"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*","matchCriteriaId":"8922D646-1A97-47ED-91C6-5A426781C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*","matchCriteriaId":"952787C6-9BF1-49FB-9824-1236678E1902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*","matchCriteriaId":"898A8679-3C46-4718-9EDF-583ADDFCF2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","matchCriteriaId":"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*","matchCriteriaId":"D6086841-C175-46A1-8414-71C6163A0E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*","matchCriteriaId":"E57889CC-3E90-46AF-9CD6-3328DD501AD1"},{
"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*","matchCriteriaId":"47A86566-DE38-4032-947D-B6181F0BC120"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*","matchCriteriaId":"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p13:*:*:*:*:*:*","matchCriteriaId":"CABF5BD0-1D06-483D-91D3-A773D99EF217"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p14:*:*:*:*:*:*","matchCriteriaId":"33512239-B316-4FE7-94F0-ABD30900238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*","matchCriteriaId":"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*","matchCriteriaId":"A576B1B5-73A2-431E-998F-7E5458B51D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*","matchCriteriaId":"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*","matchCriteriaId":"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*","matchCriteriaId":"E58690F9-FA9C-42A0-B4CD-91FD1197A53E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*","matchCriteriaId":"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*","matchCriteriaId":"8B83729E-80AF-47CE-A70C-32BF83024A40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*","matchCriteriaId":"73D22D42-646D-4955-A6F9-9B7BA63DC0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*","matchCriteriaId":"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*","matchCriteriaId":"6EBB0608-034B-4F07-A59B-9E6A989BA260"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*","matchCriteriaId
":"B3BF9B08-84E3-4974-9DEB-F4285995D796"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*","matchCriteriaId":"7771BEDB-05E2-430E-B2A2-E2F7574B7114"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*","matchCriteriaId":"2E05341A-C70C-4B3D-AF30-9520D6B97D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*","matchCriteriaId":"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*","matchCriteriaId":"95026AA9-A28B-4D94-BD77-7628429EBA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*","matchCriteriaId":"83FD1220-7D46-42B2-8110-30A934144572"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*","matchCriteriaId":"3F1439CE-8A3B-414A-B974-559209FF480C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*","matchCriteriaId":"13726DEE-FFCB-447B-9FFF-136F132F2C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*","matchCriteriaId":"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p8:*:*:*:*:*:*","matchCriteriaId":"B5E29EF8-2569-4258-A66F-E1E5F621E0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.7:p9:*:*:*:*:*:*","matchCriteriaId":"141DC3FF-68ED-429D-B10F-3C61B1399513"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*","matchCriteriaId":"1EE12F4B-5607-4790-A29B-EE23383BCC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*","matchCriteriaId":"6D05A958-9749-486A-A149-C21647CDCADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*","matchCriteriaId":"C9E12B43-AD3E-48A2-9042-5586186CA3BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*","matchCriteriaId":"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:commerce:2.4.8:p2:*:*:*:*:*:*","matchCriteriaId":"B4947C63-CFD9-437B-A09E-A197DCE40095"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p3:*:*:*:*:*:*","matchCriteriaId":"7FB6D020-2E5C-4789-A063-2C907F3CF3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.8:p4:*:*:*:*:*:*","matchCriteriaId":"A607D50D-B385-41F3-B1A9-3B21F52F2386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce:2.4.9:beta1:*:*:*:*:*:*","matchCriteriaId":"E4800556-D9A9-41AA-84A8-610BDAE2DE24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"28120C2E-10AD-4476-B6C3-BE3A43946068"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*","matchCriteriaId":"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"E396FB4F-B20A-4BF9-8FBD-014A0F197F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*","matchCriteriaId":"2ADE32D1-2845-4030-BE1F-ECE28189D0F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*","matchCriteriaId":"F2E771C9-86C4-455C-98D4-6F4FE7A9A822"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*","matchCriteriaId":"491AB715-F62A-46DB-A56E-055CF7CB7BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*","matchCriteriaId":"6FE364A8-4780-426F-9E8A-284A31FE2623"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*","matchCriteriaId":"F9258027-8A6A-4C6A-BC6F-349B6E03D828"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*","matchCriteriaId":"934C52C7-8751-481E-BAA7-F631C4E31F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:*:*:*:*:*:*","matchCriteriaId":"D3C5847F-57AA-4ADA-8997-5D4F5FDFF50E"},{"vulnerab
le":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p17:*:*:*:*:*:*","matchCriteriaId":"12F8A820-8F52-4214-9EB3-DFEA5C89D738"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*","matchCriteriaId":"5677B7E2-FA07-4536-96A9-2C64BEFD3751"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*","matchCriteriaId":"2DCD1522-6E27-474F-9FC6-413409D6AD55"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*","matchCriteriaId":"B7968FCA-CCFD-4222-8FB8-E6E21107944F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*","matchCriteriaId":"8C175A1F-7814-4C51-A7B7-AD5140F0688F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*","matchCriteriaId":"E66CBFB3-40C3-474A-A3A3-12135F610814"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*","matchCriteriaId":"F51DFA17-1875-41A9-B141-D89BB6238B3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*","matchCriteriaId":"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*","matchCriteriaId":"5CD0DC76-7181-4954-A59E-AB7BB47D0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*","matchCriteriaId":"1C90C433-6655-4038-9AB3-0304C1AFF360"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"374E7EDD-512A-4633-A136-01A656935334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*","matchCriteriaId":"89BAB227-03E6-4776-ADE4-9D9CB666EFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*","matchCriteriaId":"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*","matchCriteriaId":"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:
commerce_b2b:1.3.4:p13:*:*:*:*:*:*","matchCriteriaId":"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*","matchCriteriaId":"5D0A17AC-D433-47C2-A1AC-88291DCCECCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*","matchCriteriaId":"7E0FD85B-E851-436D-A789-852DD26A3B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p16:*:*:*:*:*:*","matchCriteriaId":"435DFE49-8BCF-4F74-856C-141037F8666B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*","matchCriteriaId":"0E9D364A-C858-4160-8B8B-33ECF94796D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*","matchCriteriaId":"61559E50-581E-40FF-9FD4-10192ECFCD04"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*","matchCriteriaId":"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*","matchCriteriaId":"F2C525D2-837D-486A-8B38-5634AE2ECE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*","matchCriteriaId":"6F220229-F2DF-4C9D-90A6-8B09F8BE3391"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*","matchCriteriaId":"63AB9506-3F8E-4C2E-A859-2380431C15A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*","matchCriteriaId":"51B76658-EA6B-4AC9-9D9C-374C5308D069"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*","matchCriteriaId":"6E94B136-7A2C-47F0-BCE4-6BB8E776A305"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"15C638A8-EFE0-47DB-B1F9-34093AF0FC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"CB863404-A9D7-4692-AB43-08945E669928"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*","m
atchCriteriaId":"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*","matchCriteriaId":"A21F608C-C356-47B8-8FBB-DB28BABFC4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*","matchCriteriaId":"E14195F1-5016-46BE-A614-6FB4E312FC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*","matchCriteriaId":"9C360EA8-B18F-4327-90EF-7EED2892BE4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*","matchCriteriaId":"500E3A54-D7C7-4887-9EA6-7DF85389A831"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*","matchCriteriaId":"ED6FFC1D-E921-4FF7-9928-015630613FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*","matchCriteriaId":"FB8CAC6E-DA06-4C82-B148-38234D4EB910"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p9:*:*:*:*:*:*","matchCriteriaId":"CEC04530-DA8F-4411-8C55-9291F5CBBC8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*","matchCriteriaId":"D855D141-7876-4F5A-91BE-6350DD379879"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*","matchCriteriaId":"79CBDF59-EB84-44D3-81CF-5CBF943B411E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*","matchCriteriaId":"2117B163-D88E-4EB4-AEA7-F27FB732BD48"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*","matchCriteriaId":"33E56E15-320F-4517-85C1-832A5942944C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p4:*:*:*:*:*:*","matchCriteriaId":"F50271FB-D419-4F63-A4CE-ED94C202AE8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:commerce_b2b:1.5.3:beta1:*:*:*:*:*:*","matchCriteriaId":"6A4BB895-9ECD-4026-9AC0-345F9AB817E1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:*:*:*:*:o
pen_source:*:*:*","versionEndExcluding":"2.4.6","matchCriteriaId":"371EC52C-661F-45E9-B010-7E92E829684B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","matchCriteriaId":"789BD987-9DAD-4EAE-93DE-0E267D54F124"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","matchCriteriaId":"A3F113C0-00C5-4BC2-B42B-8AE3756252F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*","matchCriteriaId":"AE842CC8-7795-4238-B727-0BA2FFFBF62C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*","matchCriteriaId":"AE724531-422D-4ABB-98F5-2C0B1BBEF031"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*","matchCriteriaId":"BB499397-0E40-45B0-A7E9-BEFCC909DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p13:*:*:open_source:*:*:*","matchCriteriaId":"0F972E57-B08E-46DF-88F1-A3002F001E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p14:*:*:open_source:*:*:*","matchCriteriaId":"F2DB3C10-65DF-4642-B581-8BE75FA2FAFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","matchCriteriaId":"02592D65-2D2C-460A-A970-8A18F9B156ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","matchCriteriaId":"457B89CF-C75E-4ED6-8603-9C52BA462A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","matchCriteriaId":"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","matchCriteriaId":"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","matchCriteriaId":"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*","matchCriteriaId":"2AA0B806-ABB8-4C18-9F9C-8291BE208F52"},{"vul
nerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*","matchCriteriaId":"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*","matchCriteriaId":"A91E797D-63F6-4DE8-869C-AF0133DC6C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","matchCriteriaId":"0E06FE04-8844-4409-92D9-4972B47C921B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","matchCriteriaId":"99C620F3-40ED-4D7F-B6A1-205E948FD6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","matchCriteriaId":"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*","matchCriteriaId":"7EB4B9C5-513C-4039-8087-5E8880894318"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*","matchCriteriaId":"9C77154A-DBFE-48C3-A274-03075A0DB040"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*","matchCriteriaId":"F5AAC414-623C-444F-9BD5-EE0ACE2B2246"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*","matchCriteriaId":"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*","matchCriteriaId":"9830E074-FDCF-41E9-98C7-10C20424EF4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*","matchCriteriaId":"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*","matchCriteriaId":"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*","matchCriteriaId":"A7B83AD4-3134-414A-80E3-106C3C0F975A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p8:*:*:open_source:*:*:*","matchCriteriaId":"FAA14D5B-ACF
2-497B-ACE7-33C42682D2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.7:p9:*:*:open_source:*:*:*","matchCriteriaId":"FCD04DB8-77E6-47FA-957C-F41530DC45E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*","matchCriteriaId":"00E8284F-10CD-449C-AEF1-688B8287292F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*","matchCriteriaId":"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*","matchCriteriaId":"2957B390-52C5-48D7-A6D7-709BC76B9C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*","matchCriteriaId":"524F64B6-F7F7-4926-884F-E9448636007C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*","matchCriteriaId":"9F56F919-69B6-4A77-B8CE-F13409542F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p3:*:*:open_source:*:*:*","matchCriteriaId":"F81D46F6-AEA3-4A83-A6F5-2231FD4CEC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.8:p4:*:*:open_source:*:*:*","matchCriteriaId":"10A2F717-827A-424E-8DBA-CABED7C70A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento:2.4.9:beta1:*:*:open_source:*:*:*","matchCriteriaId":"ED72E42E-7F55-4FEE-B936-B5EE688BF4E0"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb26-49.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43476","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:50.680","lastModified":"2026-05-20T17:16:23.083","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()\n\nsizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead\nof the intended __be32 element size (4 bytes). 
Use sizeof(*meas) to\ncorrectly match the buffer element type."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/08881d82f94deaa51800360029908863e5c4c39d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/165f12b40901c6a7aca15796da239726ddcdc5ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/216345f98cae7fcc84f49728c67478ac00321c87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2a4d111a6a34afb8bb4f118009e7728ed2ec7e10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/90e978ace598567e6e30de79805bddf37cf892ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9aff2e9c2927ecd9652872a43a0725f101128104","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dcdf1e92674efb6692f4ebe189e0aa9fde23a541","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-43481","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.287","lastModified":"2026-05-20T17:16:23.260","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet-shapers: don't free reply skb after genlmsg_reply()\n\ngenlmsg_reply() hands the reply skb to netlink, and\nnetlink_unicast() consumes it on all return paths, whether the\nskb is queued successfully or 
freed on an error path.\n\nnet_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit()\ncurrently jump to free_msg after genlmsg_reply() fails and call\nnlmsg_free(msg), which can hit the same skb twice.\n\nReturn the genlmsg_reply() error directly and keep free_msg\nonly for pre-reply failures."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/57885276cc16a2e2b76282c808a4e84cbecb3aae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/83f7b54242d0abbfce35a55c01322f50962ed3ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8738dcc844fff7d0157ee775230e95df3b1884d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-44919","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T02:17:21.773","lastModified":"2026-05-20T17:16:23.870","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero 
URL."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-696"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2150332","source":"cve@mitre.org"},{"url":"https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-013.html","source":"cve@mitre.org"},{"url":"https://bugs.launchpad.net/ironic/+bug/2150332","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-43490","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-15T06:16:20.363","lastModified":"2026-05-20T17:16:23.387","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate inherited ACE SID length\n\nsmb_inherit_dacl() walks the parent directory DACL loaded from the\nsecurity descriptor xattr. It verifies that each ACE contains the fixed\nSID header before using it, but does not verify that the variable-length\nSID described by sid.num_subauth is fully contained in the ACE.\n\nA malformed inheritable ACE can advertise more subauthorities than are\npresent in the ACE. compare_sids() may then read past the ACE.\nsmb_set_ace() also clamps the copied destination SID, but used the\nunchecked source SID count to compute the inherited ACE size. 
That could\nadvance the temporary inherited ACE buffer pointer and nt_size accounting\npast the allocated buffer.\n\nFix this by validating the parent ACE SID count and SID length before\nusing the SID during inheritance. Compute the inherited ACE size from the\ncopied SID so the size matches the bounded destination SID. Reject the\ninherited DACL if size accumulation would overflow smb_acl.size or the\nsecurity descriptor allocation size."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/1aa60fea7f637c071f529ad6784aecca2f2f0c5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/47c6e37a77b10e74f70d845ba4ea5d3cafa00336","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/996454bc0da84d5a1dedb1a7861823087e01a7ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c1d95c995d5bcb24b639200a899eda59cb1e6d64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-45036","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T17:16:48.487","lastModified":"2026-05-20T17:16:24.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. 
The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( **\\x18B0100000023be50\\r\\n\\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the ** prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. 
This vulnerability is fixed in 1.0.233."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tabby:tabby:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.233","matchCriteriaId":"E98FEEBA-7742-4164-960E-EAE0E1004A75"}]}]}],"references":[{"url":"https://github.com/Eugeny/tabby/security/advisories/GHSA-qr3x-j8g9-xhf6","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45038","sourceIdentifier":"security-advisories@github.com","published":"2026-05-15T17:16:48.760","lastModified":"2026-05-20T17:16:24.593","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. 
This vulnerability is fixed in 1.0.233."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"s
ecurity-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-150"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tabby:tabby:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.233","matchCriteriaId":"E98FEEBA-7742-4164-960E-EAE0E1004A75"}]}]}],"references":[{"url":"https://github.com/Eugeny/tabby/security/advisories/GHSA-m937-jm93-pfp6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8741","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T09:16:35.013","lastModified":"2026-05-20T23:02:12.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna
@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:N/I:N/A:P","baseScore":2.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emqx:emqx:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"6.2.0","matchCriteriaId":"E5174349-D7AF-4064-879C-B980604DB41C"}]}]}],"references":[{"url":"https://github.com/Pathfind-tama/Report_EMQX_MQTT","source":"cna@vuldb.com","tags":["Third Party Advisory"]},{"url":"https://github.com/Pathfind-tama/Report_EMQX_MQTT/blob/main/MQTT%20QoS%202%20Message%20Duplication%20in%20Persistent%20Sessions.md","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","Mitigation"]},{"url":"https://vuldb.com/submit/809931","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364329","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364329/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8766","sourceIdentifier":"cna@vuldb.com","published":"2026-05-17T23:17:02.640","lastModified":"2026-05-20T17:34:04.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. 
Executing a manipulation of the argument KILO_CONFIG_CONTENT can lead to information disclosure. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privil
egesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kilo:kilo_code_cli:*:*:*:*:*:node.js:*:*","versionEndIncluding":"7.0.47","matchCriteriaId":"7FA8CC8A-DFED-48D2-9553-E1A7295A8767"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/32b444e49ced1a46bde5a68933ccd09f","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/811400","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364391","source":"cna@vuldb.com","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/364391/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-26462","sourceIdentifier":"cve@mitre.org","published":"2026-05-18T15:16:25.230","lastModified":"2026-05-20T13:16:16.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"references":[{"url":"https://medium.com/@husaainpalh/remote-code-execution-in-offline-hospital-management-system-cve-2026-26462-bc7ac54314c4","source":"cve@mitre.org"},{"url":"https://sourceforge.net/projects/hospital-management-system/files/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-45434","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.620","lastModified":"2026-05-20T17:16:24.717","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to 
upgrade to version 24.09.06, which fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/yw4owrzl0yho1yx7oqxvr6xjkmln9tq8","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/29","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-46586","sourceIdentifier":"security@apache.org","published":"2026-05-19T10:16:24.733","lastModified":"2026-05-20T17:16:25.157","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the 
issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-95"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"24.09.06","matchCriteriaId":"CEB63EC9-E307-4D7E-98E3-142E0225D178"}]}]}],"references":[{"url":"https://lists.apache.org/thread/7mgjl81nrpxqtfcg6h5qtrx7wztbl4js","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/30","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-37978","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:17.540","lastModified":"2026-05-20T17:16:21.650","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) parameter. This vulnerability allows for cross-role personally identifiable information (PII) leakage, enabling unauthorized visibility into user identities and authorizations across the realm. 
Exploitation is possible remotely via network access to the Admin API."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-37978","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455327","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-37979","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:18.330","lastModified":"2026-05-20T17:16:21.807","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims intended for other resource servers, compromising the confidentiality of lightweight access tokens. 
This issue can be exploited remotely by any confidential client in the realm with valid credentials."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-37979","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455328","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-37981","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:18.463","lastModified":"2026-05-20T17:16:21.960","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By sending crafted requests with arbitrary usernames or email values, the endpoint returns full profile objects for unrelated users. 
This leads to broad profile-level information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1220"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-37981","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455326","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-37982","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:18.610","lastModified":"2026-05-20T17:16:22.090","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's account. 
This leads to unauthorized enrollment of a hardware-backed credential, enabling persistent account takeover."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-37982","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455329","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-43493","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-19T12:16:19.020","lastModified":"2026-05-20T17:16:23.517","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Fix handling of MAY_BACKLOG requests\n\nMAY_BACKLOG requests can return EBUSY.  
Handle them by checking\nfor that value and filtering out EINPROGRESS notifications."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/46271895ddfb1ba41f89f7e0dffbe9c2bcf7380a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/77d55bc8675ee851ed639dc9be77325a8024cf67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/915b692e6cb723aac658c25eb82c58fd81235110","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9f1cbca178c03188e201ed175251372149bb25f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eb34e243df57e32f4c08fa191f3602ea19076276","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-4630","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:19.290","lastModified":"2026-05-20T17:16:27.240","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. 
This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4630","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450245","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-7307","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:19.423","lastModified":"2026-05-20T17:16:28.500","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. 
This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1286"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19594","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19595","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-7307","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476526","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-7504","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:19.553","lastModified":"2026-05-20T17:16:28.723","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further attacks. 
This vulnerability specifically affects Keycloak clients configured with a wildcard (*) in the \"Valid Redirect URIs\" field and requires user interaction to be successfully exploited.\n\nThe issue stems from a discrepancy in how Keycloak and the underlying Java URI implementation handle the user-info component of a URL. If a malicious redirect URL is constructed using multiple @ characters in the user-info section, Java's URI parser fails to extract the user-info, leaving only the raw authority field. Consequently, Keycloak's validation check fails to detect the malformed user-info, falls back to a wildcard comparison, and incorrectly permits the malicious redirect."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19594","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19595","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-7504","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464128","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-7507","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T12:16:19.687","lastModified":"2026-05-20T17:16:28.883","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which processes session handles without adequate CSRF protection or cookie ownership validation—an attacker can reset the authentication flow state. This causes Single Sign-On (SSO) to authenticate the victim transparently upon clicking the link, allowing the attacker to hijack the required-action form without needing the victim's credentials. A successful exploit could lead to complete account takeover, including highly privileged administrative accounts."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19594","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19595","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-7507","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464145","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-7571","sourceIde
ntifier":"secalert@redhat.com","published":"2026-05-19T12:16:19.820","lastModified":"2026-05-20T17:16:29.030","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can obtain an access token that should not be available. This vulnerability can also lead to the exposure of these access tokens in server logs, proxy logs, and HTTP Referrer headers, resulting in sensitive information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19596","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19597","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-7571","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464263","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-40900","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-19T14:16:27.560","lastModified":"2026-05-20T17:35:46.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Angular template injection vulnerability was discovered in the Reports functionality due to improper 
validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":
"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"ADDB8845-2325-4017-82B0-96F27B254E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.0","matchCriteriaId":"643606B0-7E60-440E-9A83-A8EC6534F5CB"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:3-01","source":"prodsec@nozominetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47323","sourceIdentifier":"security@apache.org","published":"2026-05-19T14:16:48.653","lastModified":"2026-05-20T17:16:26.340","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering\n\nThe CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. 
CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-HTTP strategies (CVE-2026-40453).\n\n\nThis issue affects Apache Camel: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2.\n\nUsers are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-178"}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-47323.html","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-8948","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.027","lastModified":"2026-05-20T14:53:13.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Same-origin policy bypass in the DOM: Networking component. 
This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038803","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8949","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.140","lastModified":"2026-05-20T14:49:05.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the Widget: Win32 component. 
This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1355639","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8950","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.257","lastModified":"2026-05-20T15:00:29.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1965430","source":"security@mozilla
.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8951","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.370","lastModified":"2026-05-20T14:48:26.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2018513","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-8952","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.480","lastModified":"2026-05-20T17:16:29.823","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021727","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-8955","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.820","lastModified":"2026-05-20T17:16:29.980","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2031064","source":"security@mozilla.org","tags":["Permissions 
Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8956","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:51.943","lastModified":"2026-05-20T14:31:07.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032427","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8957","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.057","lastModified":"2026-05-20T17:16:30.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation in the Enterprise Policies component. 
This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2033850","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8958","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.170","lastModified":"2026-05-20T15:01:41.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-668"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/sh
ow_bug.cgi?id=2034713","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8959","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.280","lastModified":"2026-05-20T14:28:29.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 
140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034754","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8960","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.383","lastModified":"2026-05-20T14:20:06.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1940116","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-8961","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.490","lastModified":"2026-05-20T17:58:44.947","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1962625","source":"security@mozilla.org","tags":["Permissions 
Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8962","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.600","lastModified":"2026-05-20T17:56:52.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*"
,"versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004804","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8963","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.717","lastModified":"2026-05-20T14:57:19.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spoofing issue in the Web Speech component. 
This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021222","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8964","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.823","lastModified":"2026-05-20T14:57:04.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spoofing issue in the Popup Blocker component. 
This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025170","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8965","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:52.930","lastModified":"2026-05-20T17:51:46.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure in the DOM: Security component. 
This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025740","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8966","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.043","lastModified":"2026-05-20T17:51:24.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure in the IP Protection component. 
This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025849","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8967","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.160","lastModified":"2026-05-20T17:57:45.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure in the Graphics: WebGPU component. 
This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027173","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8968","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.277","lastModified":"2026-05-20T14:56:28.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. 
This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2030467","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8969","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.390","lastModified":"2026-05-20T14:55:56.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2031123","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-8970","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.500","lastModified":"2026-05-20T17:34:49.203","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032174","source":"security@mozilla.org","tags":["Permissions 
Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8971","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.633","lastModified":"2026-05-20T14:41:14.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2032604","source":"security@mozilla.org",
"tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8972","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.753","lastModified":"2026-05-20T17:16:31.407","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"84A85BEB-6467-4CDB-A533-FA3AA67B1CAE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2033275","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8973","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.860","lastModified":"2026-05-20T17:50:51.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1362365%2C1860538%2C1929005%2C1983353%2C1998526%2C2023271%2C2023943%2C2024244%2C2024260%2C2024443%2C2024665%2C2024774%2C2024916%2C2025346%2C2025357%2C2025406%2C2025434%2C2025488%2C2025496%2C2025942%2C2025947%2C2025968%2C2026279%2C2027159%2C2027239%2C2027276%2C2027308
%2C2027310%2C2027324%2C2027329%2C2027363%2C2027381%2C2027382%2C2027383%2C2028274%2C2028884%2C2029060%2C2029065%2C2029068%2C2029281%2C2029293%2C2029297%2C2029303%2C2029439%2C2029448%2C2029703%2C2029720%2C2029721%2C2029723%2C2029770%2C2029771%2C2029782%2C2029818%2C2029885%2C2030100%2C2030379%2C2030385%2C2030979%2C2031119%2C2031122%2C2034119%2C2034791%2C2035209%2C2036666%2C2037986","source":"security@mozilla.org","tags":["Broken Link"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8974","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:53.977","lastModified":"2026-05-20T18:13:14.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11.0","matchCriteriaId":"51216802-B743-4D96-9262-A4B0ECB71A0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1784128%2C1883230%2C1983677%2C2022390%2C2023116%2C2023657%2C2024255%2C2024418%2C2024441%2C2024447%2C2024966%2C2025412%2C2025467%2C2025940%2C2025950%2C2025956%2C2026284%2C2027247%2C2027255%2C2027288%2C2027306%2C2027322%2C2027332%2C2027333%2C2028266%2C2028292%2C2028319%2C2028526%2C2028870%2C2028876%2C2028882%2C2029062%2C2029309%2C2029414%2C2029422%2C2029428%2C2029447%2C2029732%2C2029785%2C2029793%2C2029813%2C2029899%2C2031028%2C2031457%2C2032039%2C2033610%2C2
033854%2C2034498%2C2034628%2C2034978%2C2035966%2C2036668%2C2036905%2C2036930","source":"security@mozilla.org","tags":["Broken Link"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8975","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:54.090","lastModified":"2026-05-20T17:16:31.980","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.36.0","matchCriteriaId":"E536CDC4-A298-44F5-B599-64CB64AD8F01"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.11.0","matchCriteriaId":"59F64F78-F9C5-44CE-8A45-803C1A4E0688"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.11","matchCriteriaId":"35057096-2597-4FB5-AACB-E68FBE0A11A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"F6DF6D4E-CB51-4F9E-89A0-6097B9DBDB5C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669","source":"security@mozilla.org","tags":["Permissions 
Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-47/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-48/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-50/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-51/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30117","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:19.980","lastModified":"2026-05-20T14:16:39.693","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. 
This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/prassan10/XSS-Open-Redirect-via-scalar_url","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-30118","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:20.103","lastModified":"2026-05-20T14:16:39.930","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. 
This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to authentication cookies and headers exposure and possible privilege escalation."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/prassan10/ssrf-zero-click-ato-scalar","source":"cve@mitre.org"},{"url":"https://github.com/prassan10/ssrf-zero-click-ato-scalar","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31069","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:20.230","lastModified":"2026-05-20T14:16:40.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf() without proper sanitization or identifier quoting. Although filter values are parameterized, the filter identifiers (keys) are not. 
An authenticated attacker with ROLE_ACCOUNT_MANAGER permissions can exploit this to execute arbitrary SQL commands."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://gist.github.com/nedlir/2377ba6e7fa2ad957210b52aa8e400d9","source":"cve@mitre.org"},{"url":"https://gist.github.com/nedlir/a50725b94650467f0593b8f4009ae19e","source":"cve@mitre.org"},{"url":"https://github.com/BillaBear/billabear","source":"cve@mitre.org"},{"url":"https://gist.github.com/nedlir/a50725b94650467f0593b8f4009ae19e","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31070","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:20.363","lastModified":"2026-05-20T14:16:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. 
The /api/user/signup endpoint fails to validate the role parameter in the request body"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://gist.github.com/nedlir/22bf6d1a3a07209be3e343744bc81d51","source":"cve@mitre.org"},{"url":"https://github.com/LalanaChami/Pharmacy-Mangment-System/blob/5c3d02888631166649856f71d542387114b3010b/backend/routes/user.js#L16","source":"cve@mitre.org"},{"url":"https://gist.github.com/nedlir/22bf6d1a3a07209be3e343744bc81d51","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31071","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:20.490","lastModified":"2026-05-20T14:16:40.560","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. 
Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://gist.github.com/nedlir/bc8ad4693c53256819280e8f5de49286","source":"cve@mitre.org"},{"url":"https://github.com/LalanaChami/Pharmacy-Mangment-System/tree/5c3d02888631166649856f71d542387114b3010b/backend/routes","source":"cve@mitre.org"},{"url":"https://gist.github.com/nedlir/bc8ad4693c53256819280e8f5de49286","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31072","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:20.610","lastModified":"2026-05-20T17:16:20.947","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function allows for arbitrary class instantiation and state injection by dynamically importing modules and calling __setstate__ on any class available in the Python environment. 
An attacker can exploit this by submitting a specially crafted JSON or CBOR payload to an application using these serializers"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://gist.github.com/nedlir/11fb77f35a59cbba73392a086b02a9c6","source":"cve@mitre.org"},{"url":"https://github.com/agronholm/apscheduler","source":"cve@mitre.org"},{"url":"https://gist.github.com/nedlir/11fb77f35a59cbba73392a086b02a9c6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-37281","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T16:16:21.420","lastModified":"2026-05-20T17:16:21.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url 
parameter."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://gist.github.com/MitruStefan/cf016709252aabbec7f95b7a70e0cfba","source":"cve@mitre.org"},{"url":"https://github.com/hitarth-gg/zenshin","source":"cve@mitre.org"},{"url":"https://github.com/hitarth-gg/zenshin/commit/7d31c6edfbac978f0ad44c66d761bab9dcd2fa27","source":"cve@mitre.org"},{"url":"https://gist.github.com/MitruStefan/cf016709252aabbec7f95b7a70e0cfba","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8706","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T16:16:22.580","lastModified":"2026-05-20T14:23:35.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. 
This vulnerability was fixed in Firefox for iOS 151.0."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"151.0","matchCriteriaId":"4D85DC2E-0C29-40ED-B967-4E01D016EC4C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2036618","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-49/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47356","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-19T17:16:22.680","lastModified":"2026-05-20T14:23:20.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. 
After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetr
icV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:terrascan:*:*:*:*:*:*:*:*","versionEndIncluding":"1.18.3","matchCriteriaId":"1C8F7B29-FEB9-4252-980D-2788D8AF0DDB"}]}]}],"references":[{"url":"https://github.com/tenable/terrascan","source":"vulnreport@tenable.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-47357","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-19T17:16:22.863","lastModified":"2026-05-20T14:23:12.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to \"http\". 
The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulner
abilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-610"},{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:terrascan:*:*:*:*:*:*:*:*","versionEndIncluding":"1.18.3","matchCriteriaId":"1C8F7B29-FEB9-4252-980D-2788D8AF0DDB"}]}]}],"references":[{"url":"https://github.com/tenable/terrascan","source":"vulnreport@tenable.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-47358","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-19T17:16:23.023","lastModified":"2026-05-20T14:18:30.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. 
When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modi
fiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-610"},{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:terrascan:*:*:*:*:*:*:*:*","versionEndIncluding":"1.18.3","matchCriteriaId":"1C8F7B29-FEB9-4252-980D-2788D8AF0DDB"}]}]}],"references":[{"url":"https://github.com/tenable/terrascan","source":"vulnreport@tenable.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-47107","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T18:16:22.167","lastModified":"
2026-05-20T13:16:38.933","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Attackers can exploit persistent poisoned entries across all subsequent script executions on the same worker pod to redirect hostnames, intercept DNS queries, perform transparent HTTPS man-in-the-middle attacks, and intercept WM_TOKEN JWTs to gain workspace-admin access to other users' workspaces."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED",
"modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/windmill-labs/windmill/commit/f8467f38c8a053117ce62f96684cfb15ef792f08","source":"disclosure@vulncheck.com"},{"url":"https://github.com/windmill-labs/windmill/pull/9194","source":"disclosure@vulncheck.com"},{"url":"https://github.com/windmill-labs/windmill/releases/tag/v1.703.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/windmill-incorrect-default-permissions-in-nsjail-configuration","source":"disclosure@vulncheck.com"},{"url":"https://github.com/windmill-labs/windmill/pull/9194","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32738","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T19:16:48.823","lastModified":"2026-05-20T14:17:41.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libheif is a HEIF and AVIF file format decoder and encoder. 
In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty chunk and resulting in a denial of service. When any sample is accessed, the library reads from index 0 of an empty std::vector, causing a guaranteed SEGV (null-page read). The file parses successfully without producing an error; the crash occurs on the first frame access. This issue has been fixed in version 1.22.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:struktur:libheif:*:*:*:*:*:*:*:*","versionEndExcluding":"1.22.0","matchCriteriaId":"CB01CAAF-1D64-461B-8CC0-3CF2FBAC60A5"}]}]}],"references":[{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-7f2h-cmpf-v9ww","source":"security-adviso
ries@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-7f2h-cmpf-v9ww","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33741","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T19:16:49.463","lastModified":"2026-05-20T14:16:42.190","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry points, resulting in stored cross-user XSS reachable through a normal attachment workflow. Although inline SVG script is blocked by the response CSP, the same CSP still allows same-origin external script. As a result, an attacker can upload a malicious SVG together with a second attacker-controlled JavaScript attachment, then trick another user into opening the SVG to execute JavaScript in the victim's EspoCRM origin. 
This issue has been fixed in version 9.3.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-5wh5-ccv2-m3pv","source":"security-advisories@github.com"},{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-5wh5-ccv2-m3pv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32739","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T20:16:18.780","lastModified":"2026-05-20T14:17:13.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and is triggered during file open (parsing) - before any user interaction or image decoding. The process stays alive (no crash, no error logged), making it invisible to crash-based monitoring. 
This issue has been fixed in version 1.22.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:struktur:libheif:*:*:*:*:*:*:*:*","versionEndExcluding":"1.22.0","matchCriteriaId":"CB01CAAF-1D64-461B-8CC0-3CF2FBAC60A5"}]}]}],"references":[{"url":"https://github.com/strukturag/libheif/releases/tag/v1.22.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-j9g7-q9hv-gq8c","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-j9g7-q9hv-gq8c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-57798","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T21:16:40.817","lastModified":"2026-05-20T16:16:24.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input functionality due to a lack of proper length validation. 
This flaw allows an attacker to cause an Out Of Memory (OOM) error and subsequent program termination by inserting an excessively long string into a note's title. This can be triggered either through direct user interface (UI) input or programmatically via the local web service API after compromising an authentication token. There are 2 primary methods of exploitation: via User Interface (UI) Input, and the Local Web Service API. A local user can directly type or paste an extremely long string into the title field when creating or editing a note. Joplin runs a local web service (typically on port 41184) that allows programmatic interaction, such as creating or editing notes via HTTP API calls. If an attacker manages to exfiltrate or compromise the user's authentication token (e.g., through malware on the local system, or other local vulnerabilities), they can then send a crafted HTTP POST request to this local API. By including an excessively long string in the title parameter of this request, the application will attempt to allocate an unbounded amount of memory. 
This issue has been patched in version 3.7.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/laurent22/joplin/commit/5b8795da446a5a40c9e212c98b35e368ffce628e","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-6jm8-gr87-q69x","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-6jm8-gr87-q69x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32741","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T21:16:42.073","lastModified":"2026-05-20T17:16:21.133","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel buffer using memcpy(dst, data.data(), data.size()). The copy length data.size() is determined by the iloc extent in the file (attacker-controlled), while the destination buffer is sized based on the declared image dimensions. Because no upper-bound check exists on the data length, a crafted file whose iloc extent exceeds the pixel buffer allocation overflows the heap. 
The vulnerable single-memcpy branch is reached when the mskC property specifies bits_per_pixel = 8 and the ispe property declares an even width ≥ 64 (so that stride == width), with no changes to default security limits or external codec plugins required. This issue has been fixed in version 1.22.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/strukturag/libheif/releases/tag/v1.22.0","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-j3w5-7whq-p37q","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-j3w5-7whq-p37q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32814","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T21:16:42.223","lastModified":"2026-05-20T14:16:41.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leading to an uninitialized heap memory information leak. 
The canvas is allocated via create_clone_image_at_new_size() → plane.alloc() → new (std::nothrow) uint8_t[allocation_size] which does not zero the memory; only the alpha plane is explicitly initialized via fill_plane(), so the Y, Cb, and Cr planes contain whatever was previously at that heap address. The failed tile's region of the canvas is never written. It retains uninitialized heap data that is delivered to the caller as decoded pixel values (4,096 bytes per Y/Cb/Cr plane = 12,288+ bytes total). Any application using libheif to decode grid-based HEIF/AVIF files with default settings is vulnerable: a crafted .heic or .avif file causes 4,096+ bytes of heap memory to appear as pixel values in the decoded image, and the calling application receives heif_error_Ok, so it has no indication the output contains heap garbage. In server-side image processing, an uploaded crafted HEIF decoded and re-encoded (e.g., as PNG/JPEG for thumbnails, CDN, social media) can leak cross-user data such as auth tokens, database results, and other users' image data. 
This issue has been fixed in version 1.22.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-908"}]}],"references":[{"url":"https://github.com/strukturag/libheif/releases/tag/v1.22.0","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-4m8r-34pg-rvwc","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-4m8r-34pg-rvwc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32882","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T21:16:42.363","lastModified":"2026-05-20T18:16:26.880","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel than for the color channels, the function indexes into the alpha plane using the color channel stride (in_stride) instead of the previously retrieved alpha_stride, causing reads past the end of the alpha buffer (up to 3,123 bytes for a 100×50 image with 10-bit color and 8-bit alpha). 
A crafted HEIF file can exploit this to cause a denial of service (crash) or potentially disclose adjacent heap memory through leaked bytes embedded in the decoded output pixels. This issue has been fixed in version 1.22.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/strukturag/libheif/releases/tag/v1.22.0","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-hg7q-rjr2-8x46","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-hg7q-rjr2-8x46","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34216","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T21:16:42.570","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowlist validation, allowing for authenticated Remote Code Execution. 
An authenticated admin-level user could supply an arbitrary class name available in the Composer autoloader, potentially triggering unintended constructor or magic method execution. The update() method reads settings_class directly from the HTTP request and passes it to new $settings_class() and $settings_class::getValidations() without verifying that the provided value corresponds to a legitimate settings class. Because PHP resolves class names against the Composer autoloader at runtime, any autoloadable class in the application or its dependencies could be instantiated. Depending on the classes available in the dependency tree, this can trigger unintended side effects through constructors or magic methods (__construct, __toString, __wakeup), following a PHP object injection / gadget chain pattern. This issue has been fixed in version 1.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"references":[{"url":"https://github.com/Ctrlpanel-gg/panel/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-vcg3-fjrx-rg5q","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-vcg3-fjrx-rg5q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34233","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T21:16:42.720","lastModified":"2026-05-20T1
4:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators only. The affected admin controllers define datatable() methods that are reachable via GET requests but lack any permission or role verification. Because the routes fall under the /admin/ prefix, operators may assume they are protected - however, the middleware applied to this route group does not enforce admin-level authorization on these specific endpoints. As a result, any authenticated user (regardless of role) can query these endpoints and receive paginated JSON responses containing sensitive records. Exploitation can result in enumeration of user PII, payment and transaction records, active voucher and coupon codes, role and permission structure, server ownership mappings and support ticket contents. 
This issue has been fixed in version 1.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Ctrlpanel-gg/panel/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-mj5g-j7fq-7hc4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-39250","sourceIdentifier":"cve@mitre.org","published":"2026-05-19T21:16:42.863","lastModified":"2026-05-20T14:25:17.977","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An authorization vulnerability exists in Innoshop 0.6.0. 
After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://gist.github.com/hkdmh/4af513ea7589212cb1d49bc5d972972e","source":"cve@mitre.org"},{"url":"https://www.innoshop.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2023-7345","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T22:16:35.180","lastModified":"2026-05-20T14:16:35.753","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. 
Attackers can obtain signatures on truncated or misinterpreted message values to authorize unintended blockchain transactions, such as asset transfers at incorrect amounts."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confiden
tialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-704"}]}],"references":[{"url":"https://donjon.ledger.com/lsb/020/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ledger-live-hw-app-eth-eip-712-message-parsing-integer-truncation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-36343","sourceIdentifier":"psirt@amd.com","published":"2026-05-19T22:16:35.420","lastModified":"2026-05-20T14:04:24.967","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or 
integrity."}],"metrics":{"cvssMetricV40":[{"source":"psirt@amd.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"psirt@amd.com","type":"Secondary","description":[{"lang":"en","value":"CWE-124"}]}],"references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html","source":"psirt@amd.com"},{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html","source":"psirt@amd.com"}]}},{"cve":{"id":"CVE-2025-15645","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-19T22:16:36.187","lastModified":"2026-05-20T14:16:36.080","vulnStatus":"
Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"
disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://donjon.ledger.com/lsb/021/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ledger-nano-x-flex-stax-mcu-firmware-update-denial-of-service","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-34234","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T22:16:37.123","lastModified":"2026-05-20T17:16:21.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler files, leaving installer endpoints reachable on already-installed instances. The handlers also pass unsanitized user input directly into shell commands, allowing an attacker to submit crafted requests that execute arbitrary commands on the server. The vulnerability stems from two combined weaknesses: (1) premature form handler execution before the lock file gate, and (2) unsafe use of user input in shell command construction. This issue is reported to be actively exploited in the wild. 
The issue has been fixed in version 1.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Ctrlpanel-gg/panel/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-jmhr-q9q5-fqwh","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-jmhr-q9q5-fqwh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34241","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T22:16:37.297","lastModified":"2026-05-20T16:16:25.253","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered unescaped via Blade's {!! !!} syntax in the recipient's browser. The flaw exists in both App\\Notifications\\Ticket\\Admin\\AdminReplyNotification (triggered when a user replies, targeting admins) and App\\Notifications\\Ticket\\User\\ReplyNotification (triggered when an admin replies, targeting users), allowing arbitrary JavaScript execution in the victim's session context. 
A low-privileged attacker can exploit this to hijack admin sessions, harvest credentials via fake login prompts or keyloggers, and escalate privileges by performing administrative actions on the victim's behalf. The reverse path also enables a malicious or compromised admin to target regular users in the same manner. This issue has been fixed in version 1.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Ctrlpanel-gg/panel/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-cmrr-q3hw-3vqh","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-cmrr-q3hw-3vqh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34246","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T22:16:37.460","lastModified":"2026-05-20T18:16:26.987","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability exists in the admin role management interface. 
In app/Http/Controllers/Admin/RoleController.php, the datatable() method interpolates $role->name and $role->color directly into a <span> element's HTML and style attribute without sanitization, and the chained .rawColumns(['actions', 'name']) call instructs DataTables to render the name column as raw HTML, bypassing automatic output escaping. An admin with role creation or edit permissions can inject a payload such as <img src=x onerror=\"alert('XSS_POC')\"> into the name or color fields, which is persisted to the database and executes in the browser of every admin who loads the /admin/roles page. This enables session hijacking via cookie theft, credential harvesting through fake login prompts or keyloggers, lateral privilege escalation by performing admin actions on behalf of victims, and a persistent backdoor that re-executes on every page load until the malicious role record is removed. This issue has been resolved in version 1.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/Ctrlpanel-gg/panel/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-wpqj-xwhq-2mmh","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-wpqj-xwhq-2mmh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026
-34358","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T22:16:37.637","lastModified":"2026-05-20T16:16:25.360","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any authenticated user to bypass RBAC via direct POST/PATCH requests. Controllers missing checks on write methods store() and update() include ApplicationApiController (admin.api.write), CouponController (admin.coupons.write), PartnerController (admin.partners.write), ShopProductController (admin.store.write), UsefulLinkController (admin.useful_links.write), and VoucherController (admin.voucher.write); ProductController (admin.products.edit), ServerController (write/change_owner/change_identifier), and UserController (write/change_email/change_credits/change_username/change_password/change_role/change_referral/change_ptero/change_serverlimit) are missing checks on update() only, and ActivityLogController exposed empty stub store()/update() methods that silently accepted any request. An authenticated attacker without admin write privileges can issue API credentials, generate unlimited coupons and vouchers, assign arbitrary partner commission and discount rates, alter shop product pricing and limits, reassign server ownership or identifiers, and modify user accounts including roles, credits, passwords, and linked Pterodactyl IDs to achieve full privilege escalation, as well as abuse logBackIn() without the login_as permission to interfere with admin impersonation sessions. 
This issue has been fixed in version 1.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Ctrlpanel-gg/panel/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-pxmw-gj52-9p68","source":"security-advisories@github.com"},{"url":"https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-pxmw-gj52-9p68","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34390","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T22:16:37.807","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having manage_project_threshold access level (manager by default) to grant project-level administrator access to any user (including themselves) in any Project they have manager rights in. The normal project-user add form restricts the selectable access levels to the actor's own project role or below. However, the backend handler still accepts a forged higher access_level value and writes it. 
The consequences of the privilege escalation are slight, as having administrator access at Project level is effectively not very different from being manager, and it does not actually give administrator privileges on the whole MantisBT instance. In particular, it does not let the upgraded user delete the Project or grant them any access to global administrative functions such as managing Users, Projects, Plugins, Custom Fields, etc. This issue has been fixed in version 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"se
curity-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/69e0180f180ed5acf48a8d281a73683a7bf32461","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-frf7-jhp9-jxm6","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36995","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=37002","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36995","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://mantisbt.org/bugs/view.php?id=37002","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34463","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T22:16:37.980","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name (which typically requires manager or administrator access level). 
This issue has been resolved in version 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/df22697ae497ddd93f3d9132fdf4979db8d081cd","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-fvjf-68wh-rwp2","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36986","sour
ce":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-5090","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-19T22:16:39.003","lastModified":"2026-05-20T14:17:02.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected.\n\nThe html_filter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected.  For example, the variable \"var\" in\n\n    <a id='ref' title='[% var | html %]'>\n\nwould not be properly escaped. An attacker could insert some limited HTML and JavaScript, for example,\n\n    var = \" ' onclick='while (true) { alert(1) }'\"\n\nNote that arbitrary HTML and JavaScript would be difficult to inject, because angle brackets, ampersands and double-quotes would still be escaped."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/abw/Template2/issues/327","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/abw/Template2/pull/337/changes/11c78a7a771d4af505efeb754a0b8775689c2eae","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/40","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-34579","sourceIdentifier":"security-advisories@github.com","published":"2026-
05-19T23:16:57.137","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bug_monitor_add.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private issue. Direct access to the private issue remains blocked, but the user will receive email notifications for updates, leading to disclosure of the private issue's metadata and content. This issue has been fixed in version 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFI
NED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/0a93267deba445fb9d15250c16e6fdb1246ffa65","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-ggw7-9675-6v4v","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36975","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-34600","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T23:16:57.290","lastModified":"2026-05-20T16:16:25.463","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior patch in #14289. In ChangeModel.delta, when DELTA_INCLUDES_ITEMS is enabled (the default), the latest state of items is attached to delta output without verifying that those items are still shared with the requesting user, and the existing removal logic only filters items deleted for all users. 
Additionally, the change compression logic incorrectly reduces create - delete to NOOP, which is unsafe because compression is applied per page and an item can have multiple create events; if an earlier create falls on a separate page from a later create -> delete pair, the deletion is dropped and the sequence collapses to a create. As a result, the delta API returns a create event for a deleted item with the full latest content attached, exposing notes the user no longer has access to. This issue has been fixed in version 3.5.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-281"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/laurent22/joplin/issues/14110","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/pull/14289","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-88x4-77rc-jw94","source":"security-advisories@github.com"},{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-88x4-77rc-jw94","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34744","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T23:16:57.443","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CW
E-200"},{"lang":"en","value":"CWE-281"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36977","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-6365","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.103","lastModified":"2026-05-20T22:59:58.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).\n\nThis issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"10.5.9","matchCriteriaId":"8326F74A-316D-4017-9A1A-8ED8F093363B"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"10.6.7","matchCriteriaId":"C85BA74C-BFE9-4547-8BB0-091E9FBB7BF0"},
{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.2.11","matchCriteriaId":"2A5FFDBD-3AB7-48A2-BFF5-B35F78AFDB76"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"11.3.7","matchCriteriaId":"E2562EDF-52F1-4415-A686-0CCED9DB3651"}]}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-001","source":"mlhess@drupal.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6366","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.233","lastModified":"2026-05-20T22:59:40.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.\n\nThis issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 
11.3.7."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"10.5.9","matchCriteriaId":"8326F74A-316D-4017-9A1A-8ED8F093363B"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"10.6.7","matchCriteriaId":"C85BA74C-BFE9-4547-8BB0-091E9FBB7BF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.2.11","matchCriteriaId":"2A5FFDBD-3AB7-48A2-BFF5-B35F78AFDB76"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"11.3.7","matchCriteriaId":"E2562EDF-52F1-4415-A686-0CCED9DB3651"}]}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-002","source":"mlhess@drupal.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6367","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.353","lastModified":"2026-05-20T22:58:38.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).\n\nThis issue affects Drupal core: 
from 11.3.0 before 11.3.7."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"11.3.7","matchCriteriaId":"E2562EDF-52F1-4415-A686-0CCED9DB3651"}]}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-003","source":"mlhess@drupal.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8491","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.740","lastModified":"2026-05-20T18:16:27.980","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing.\n\nThis issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 
2.0.1."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-034","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-8492","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.860","lastModified":"2026-05-20T18:16:28.137","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing.\n\nThis issue affects Translate Drupal with GTranslate: from 0.0.0 before 
3.0.5."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-471"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-035","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-8493","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.987","lastModified":"2026-05-20T18:16:28.287","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS).\n\nThis issue affects Colorbox Inline: from 0.0.0 before 
2.1.1."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-036","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-8495","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:59.117","lastModified":"2026-05-20T18:16:28.440","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing.\n\nThis issue affects Date iCal: from 0.0.0 before 
4.0.15."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-037","source":"mlhess@drupal.org"}]}},{"cve":{"id":"CVE-2026-34754","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T00:16:34.857","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. 
This issue has been fixed in version 2.28.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36976","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-34970","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T00:16:35.560","lastModified":"2026-05-20T14:06:33.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. 
This issue has been fixed in version 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/71df1f67e05b2050cd4bd87839e6cc13747cf03f","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-crmx-4p49-46m2","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36978","sour
ce":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36978","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-35593","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T00:16:37.433","lastModified":"2026-05-20T14:16:50.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. The uploadModifiedFileToAttachment function, which is called when a POST request is received to /api/attachments/{attachmentId}/upload-modified-file, replaces the content of the attachment with the content from another file (whose path is provided in filePath of Request body). After which the content of the attachment can be viewed at /api/attachments/{attachmentId}/download. This exposes sensitive system files such as SSH keys, credentials, configs, and OS files, potentially leading to remote code execution and compromise of co-hosted applications. 
This issue has been fixed in version 0.102.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/TriliumNext/Trilium/releases/tag/v0.102.2","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-hf4x-22rg-pjjp","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-hf4x-22rg-pjjp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39309","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T00:16:37.613","lastModified":"2026-05-20T17:16:22.433","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission prompts by running malicious code under the identity of the trusted app. The root cause is that the RunAsNode fuse allows launching the app in a special Node.js mode using -e to execute arbitrary system commands with Trilium Notes's permissions and identity. 
An attacker can leverage this through a subprocess to request any sensitive permissions, such as access to hardware (camera, microphone) and TCC-protected files, causing the TCC system prompt to appear as if the request came from Trilium rather than the attacker's code, because macOS treats the subprocess as part of the parent application. Exploitation allows access to TCC-protected resources like the screen, camera, microphone, and folders such as ~/Documents and ~/Downloads, undermining macOS's security model and UI integrity through social engineering. This issue has been fixed in version 0.102.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-451"}]}],"references":[{"url":"https://github.com/TriliumNext/Trilium/releases/tag/v0.102.2","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-66pm-8hvq-2wwx","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-66pm-8hvq-2wwx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45585","sourceIdentifier":"secure@microsoft.com","published":"2026-05-20T00:16:44.380","lastModified":"2026-05-20T16:42:42.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \"YellowKey\". 
The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","matchCriteriaId":"1799DC19-34BA-42B4-A6DC-02774202DE22"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","matchCriteriaId":"AAAB3FDE-4FF2-47DE-9BDA-25B2855054E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","matchCriteriaId":"DA9F6F61-46D3-4ECD-8B5D-1484222B7364"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","matchCriteriaId":"9B12238F-DF99-4247-B645-259C3FD98F61"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585","source":"secure@microsoft.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://github.com/Nightmare-Eclipse/YellowKey","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-3985","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:35.570","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the `has_checkout_consent()` method. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/creative-mail-by-constant-contact/tags/1.6.9/src/Managers/CheckoutManager.php#L100","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/creative-mail-by-constant-contact/tags/1.6.9/src/Managers/DatabaseManager.php#L298","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/creative-mail-by-constant-contact/trunk/src/Managers/DatabaseManager.php#L298","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39c17935-a853-407f-a99d-3828561919e6?sou
rce=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5293","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:37.053","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc() function. The function is hooked to 'admin_init' and processes theme update requests without verifying user capabilities, allowing any authenticated user (including subscribers) to save malicious JavaScript to theme files. Additionally, the save() function uses stripslashes() which removes WordPress's magic quotes protection. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in theme files that will execute whenever a user accesses a page containing the diagnosis form 
shortcode."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/tags/1.4.16/class/themeClass.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/tags/1.4.16/class/themeClass.php#L39","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/tags/1.4.16/diagnosisAdminClass.php#L409","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/tags/1.4.16/include_files/user-viewFormPage.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/trunk/class/themeClass.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/trunk/class/themeClass.php#L39","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/trunk/diagnosisAdminClass.php#L409","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/os-diagnosis-generator/trunk/include_files/user-viewFormPage.php#L102","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5293c0f-90b0-41df-a623-90297d998c41?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6072","sourceIdentifier":"sec
urity@wordfence.com","published":"2026-05-20T02:16:37.207","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/* REST API namespace through the oliver_pos_rest_authentication() permission callback, which uses a loose PHP comparison (==) to compare the attacker-supplied 'OliverAuth' header value against the 'oliver_pos_authorization_token' option. On fresh installations where the admin has not yet completed the connection flow, this option is unset (get_option returns false). Due to PHP's type juggling, the loose comparison '0' == false evaluates to true, allowing an unauthenticated attacker to bypass authentication by sending 'OliverAuth: 0'. This grants full access to all POS API endpoints, enabling attackers to read user data (including administrator details), update user profiles (including email addresses), and delete non-admin users. 
An admin account email reset can lead to site takeover."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/tags/2.4.2.6/includes/class-pos-bridge-user.php#L170","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/tags/2.4.2.6/includes/class-pos-bridge-user.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/tags/2.4.2.6/includes/class-pos-bridge-user.php#L231","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/tags/2.4.2.6/includes/class-pos-bridge.php#L1677","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/tags/2.4.2.6/includes/class-pos-bridge.php#L1679","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-user.php#L170","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-user.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-user.php#L231","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge.php#L1677","source":"security@wordfence.com"},{"url":"https://plugins.tra
c.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge.php#L1679","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca6aa922-9c58-445c-b88a-3d1d1c95102c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6391","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:37.347","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create_admin_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L50","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L81","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browse
r/sentence-to-seo/tags/1.0/index.php#L87","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L50","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L81","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L87","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/add32c06-90d0-466f-b176-aaae55cf03fb?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6394","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:37.490","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due to the import_demo() function accepting a user-supplied URL in the demo_json_file POST parameter and passing it directly to wp_remote_get() without any URL validation or restriction against internal or private network destinations. The nexa_blocks_nonce required for the AJAX action is publicly exposed in the HTML source of any frontend page where the plugin is active via wp_localize_script on the enqueue_block_assets hook, effectively making the nonce available to all visitors and bypassing any intended authentication barrier. 
This makes it possible for unauthenticated attackers to make server-side HTTP requests to arbitrary internal or external destinations, potentially exposing internal services, cloud metadata endpoints such as the AWS instance metadata service, localhost services, and other resources not intended to be publicly accessible. A secondary SSRF vector also exists whereby image URLs extracted from the attacker-controlled JSON response are subsequently fetched via a second wp_remote_get() call, allowing chained exploitation through a crafted JSON payload."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/nexa-blocks/tags/1.1.1/inc/classes/enqueue-assets.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nexa-blocks/tags/1.1.1/inc/template/template.php#L236","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nexa-blocks/tags/1.1.1/inc/template/template.php#L242","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nexa-blocks/trunk/inc/classes/enqueue-assets.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nexa-blocks/trunk/inc/template/template.php#L236","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nexa-blocks/trunk/inc/template/template.php#L242","source":"security@wordfence.com"},{"url":"https
://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb3067-7953-466d-a469-8a101450f133?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6395","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:37.627","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2c_admin() function, combined with missing input sanitization before storage and missing output escaping when rendering the stored value. The w2c-definitions POST parameter is saved raw via update_option() and later echoed without escaping inside a <textarea> element. This makes it possible for unauthenticated attackers to forge a request on behalf of a logged-in administrator, storing arbitrary JavaScript payloads that execute in the WordPress admin panel whenever the settings page is 
visited."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/word-2-cash/tags/0.9.2/word2cash.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/word-2-cash/tags/0.9.2/word2cash.php#L20","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/word-2-cash/tags/0.9.2/word2cash.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/word-2-cash/trunk/word2cash.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/word-2-cash/trunk/word2cash.php#L20","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/word-2-cash/trunk/word2cash.php#L31","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4c7ca5c-38aa-4413-83eb-29185cca2a74?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6397","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:37.770","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up to and including 2.5.6. 
This is due to insufficient input sanitization and output escaping in the `cvmh_sticky_front_render()` function — the `readmoretext` attribute value is passed through `apply_filters()` and directly concatenated into the HTML output without any escaping function such as `esc_html()`. This makes it possible for authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a page containing the injected shortcode."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sticky/tags/2.5.6/includes/functions.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sticky/tags/2.5.6/includes/shortcode.php#L7","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sticky/trunk/includes/functions.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sticky/trunk/includes/shortcode.php#L7","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/135783c5-8175-4775-a013-f1e2bef04479?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6399","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:37.920","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 
General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field() for output escaping in the Contact Number (ad_contact_number) field — a function that strips HTML tags but does not encode double-quote characters to their HTML entity equivalent (&quot;). When the stored value is echoed inside a double-quoted HTML attribute (value=\"...\"), an attacker-supplied double-quote character breaks out of the attribute context. Even with WordPress's wp_magic_quotes mechanism (which prefixes quotes with a backslash), the resulting \\\" sequence is NOT treated as an escaped quote by HTML parsers — the backslash is rendered as a literal character and the bare double-quote still closes the attribute. This makes it possible for authenticated attackers with Administrator-level access and above to inject arbitrary web scripts in the admin settings page that will execute whenever any administrator visits the General Options settings 
page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/general-options/tags/1.1.0/direct-action.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/general-options/tags/1.1.0/direct-main.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/general-options/trunk/direct-action.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/general-options/trunk/direct-main.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d29c69bb-4feb-477e-b18f-934ece21aff6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6400","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.067","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options() function, which handles plugin settings updates. The form template does not include a wp_nonce_field() call, and the handler never calls check_admin_referer() or wp_verify_nonce(). 
This makes it possible for unauthenticated attackers to trick a site administrator into clicking a link or visiting a malicious page that submits a forged POST request, causing unauthorized changes to the plugin settings such as unit preferences to be persisted to the database via update_option()."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/child-height-predictor/tags/1.3/childheight.php#L135","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/child-height-predictor/tags/1.3/childheight.php#L149","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/child-height-predictor/trunk/childheight.php#L135","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/child-height-predictor/trunk/childheight.php#L149","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc1681a8-5f2e-45f1-96d9-797b13644607?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6401","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.213","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. 
This is due to missing nonce verification on the plugin's settings update forms handled in bottom-bar-admin.php. None of the three settings forms (main settings, sharing services, restore defaults) include a wp_nonce_field(), and the server-side processing code never calls check_admin_referer() or any equivalent nonce validation before processing POST data and calling update_option(). This makes it possible for unauthenticated attackers to trick a logged-in administrator into submitting a crafted request that updates plugin configuration options, such as changing the language, maximum post counts, or enabled sharing services."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bottom-bar/tags/0.1.7/bottom-bar-admin.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bottom-bar/tags/0.1.7/bottom-bar-admin.php#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bottom-bar/trunk/bottom-bar-admin.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bottom-bar/trunk/bottom-bar-admin.php#L59","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db0715ed-a06e-4a68-b9c3-408887cae113?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6404","sourceIdentifier":"security@wordfence.com","published":"
2026-05-20T02:16:38.357","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitize_text_field() to the Metric Data Key input before saving it via update_option(), but sanitize_text_field() strips HTML tags without encoding double-quote characters, and the value is then echoed directly into an HTML attribute context (value=\"...\") without esc_attr(). This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts that execute whenever a user visits the plugin's settings page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/anomify/tags/0.3.6/Anomify/Config.php#L152","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/tags/0.3.6/Anomify/Wp/Admin.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/tags/0.3.6/Anomify/Wp/includes/admin_options.php#L43","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/trunk/Anomify/Config.php#L152","source":"security@wordf
ence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/trunk/Anomify/Wp/Admin.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/trunk/Anomify/Wp/includes/admin_options.php#L43","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4036057c-0c43-4d9c-97db-4861d91a4daa?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6452","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.497","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgames_syndicate_submenu() function. This makes it possible for unauthenticated attackers to reset plugin settings and update them via a forged request granted they can trick a site administrator into performing an action such as clicking on a 
link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bigfishgames-syndicate/tags/1.2/bigfishgames-syndicate.php#L169","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bigfishgames-syndicate/tags/1.2/bigfishgames-syndicate.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bigfishgames-syndicate/trunk/bigfishgames-syndicate.php#L169","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bigfishgames-syndicate/trunk/bigfishgames-syndicate.php#L238","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/67877a2e-a45d-4674-b749-05d9217ef6bf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6456","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.637","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose comparison (`!=` instead of `!==`) for secret validation at `app/RestAPI.php:111`, combined with no validation that the secret is non-empty. 
When a target user has never used the \"Remember me\" feature, their `asSecret` user meta does not exist, causing `get_user_meta()` to return an empty string. An attacker can send an empty `secret` parameter, which passes the comparison (`'' != ''` is `false`), and the endpoint then calls `wp_set_auth_cookie()` for the target user. Additionally, all REST routes use `permission_callback => '__return_true'` with no capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to switch to any user account including Administrator, ultimately granting themselves full administrative privileges."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/account-switcher/tags/1.0.2/app/PluginHero/BaseAPI.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/account-switcher/tags/1.0.2/app/RestAPI.php#L111","source":"security@wordfence.com"},{"url":"https://wordpress.org/plugins/account-switcher/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9cfb9b-6951-4246-9cd6-dd64fee3a1bc?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6549","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.780","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 
Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the `vc_enamad_namad`, `vc_enamad_shamed`, and `vc_enamad_custom` shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/logo-manager-for-enamad/tags/0.7.4/widgets.php#L295","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-manager-for-enamad/trunk/widgets.php#L295","source":"security@wordfence.com"},{"url":"https://wordpress.org/plugins/logo-manager-for-enamad","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ed6d1167-c89d-4c97-9446-b968df945e6c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6555","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.930","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. 
This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload malicious PHP files and achieve remote code execution by sending a valid first file followed by a malicious file."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/includes/UploadHandler.php#L1345","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/includes/UploadHandler.php#L384","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/public/class-prosolwpclient-public.php#L1072","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/public/class-prosolwpclient-public.php#L998","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/includes/UploadHandler.php#L1345","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/includes/UploadHandler.php#L384","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/publi
c/class-prosolwpclient-public.php#L1072","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/public/class-prosolwpclient-public.php#L998","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b870d35-7e10-4fb5-8c3b-2bf299d1f3d5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7284","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.083","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the 
site."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-elements/tags/1.4.0/widgets/login-register/class.login-register.php#L62","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3534530/easy-elements#file728","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32b6ccfe-a659-41e4-9cec-146f4f910071?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7462","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.260","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-sms-vatansms-com/trunk/includes/admin/groups/groups.php#L34","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-sms-vatansms-com/trunk/includes/admin/outbox/outbox.php#L5","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-sms-vatansms-com/trunk/includes/admin/subscribers/subscribers.php#L128","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/96ef8459-1600-4ca0-93c6-0ee42f8adabd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7467","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.410","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. 
This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.5/files/RadMoreAjax.php#L62","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/adf51c03-b0bb-4864-b64d-6b0cba4b0130?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7472","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.547","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. 
The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/classes/ReadMoreData.php#L1522","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/classes/ReadMoreData.php#L1537","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/views/accordionBuilder/list.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/views/readMorePagesView.php#L29","source"
:"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreData.php#L1522","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreData.php#L1537","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/trunk/views/accordionBuilder/list.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/expand-maker/trunk/views/readMorePagesView.php#L29","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc7c7e21-fbd7-4451-bc7d-3d11db01a443?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8038","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.690","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/faces-of-users/tags/0.0.3/faces-of.php#L62","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/faces-of-users/trunk/faces-of.php#L62","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ea39d249-0345-4028-af58-31b298376950?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8418","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.827","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce() / check_admin_referer() call. 
This makes it possible for unauthenticated attackers to delete arbitrary game catalog entries (including the associated WordPress post created for the game) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/game-catalog/tags/1.2.0/admin-crud.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/game-catalog/tags/1.2.0/admin-crud.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/game-catalog/tags/1.2.0/games-catalog.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/game-catalog/trunk/admin-crud.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/game-catalog/trunk/admin-crud.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/game-catalog/trunk/games-catalog.php#L96","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0888cda8-63ca-44f6-a3eb-765c14a7e6c7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8419","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:39.973","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descript
ions":[{"lang":"en","value":"The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/tags/1.1/amazon-admin.php#L13","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/tags/1.1/amazon-admin.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/tags/1.1/amazon-admin.php#L45","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/tags/1.1/amazon-admin.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/trunk/amazon-admin.php#L13","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/trunk/amazon-admin.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/amazon-scraper/trunk/amazon-admin.php#L45","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpre
ss.org/browser/amazon-scraper/trunk/amazon-admin.php#L49","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c956e4c5-bf7e-4ec4-b795-74d477a61694?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8420","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:40.113","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/tags/1.3.6.3/wp-blogchat-widget.php#L208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/tags/1.3.6.3/wp-blogchat-widget.php#L215","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/tags/1.3.6.3/wp-blogchat-widget.php#L222","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bl
ogchat-chat-system/tags/1.3.6.3/wp-blogchat-widget.php#L293","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/trunk/wp-blogchat-widget.php#L208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/trunk/wp-blogchat-widget.php#L215","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/trunk/wp-blogchat-widget.php#L222","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blogchat-chat-system/trunk/wp-blogchat-widget.php#L293","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a62186aa-19aa-445b-8fdc-b029bdafd58f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8423","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:40.260","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. 
This makes it possible for unauthenticated attackers to change the site's active theme by modifying the jbct_theme option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/javibola-custom-theme/tags/2.0.5/javibola-custom-theme.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/javibola-custom-theme/tags/2.0.5/javibola-custom-theme.php#L41","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/javibola-custom-theme/tags/2.0.5/javibola-custom-theme.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/javibola-custom-theme/trunk/javibola-custom-theme.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/javibola-custom-theme/trunk/javibola-custom-theme.php#L41","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/javibola-custom-theme/trunk/javibola-custom-theme.php#L54","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68a8a277-2ea6-4d75-b8cd-4d20eb17b3aa?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8424","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:40.400","lastModi
fied":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_api_settings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored settings by overwriting its configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/remove-yellow-bgbox/tags/1.0/admin/rybb_api_settings.php#L5","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/remove-yellow-bgbox/tags/1.0/includes/functions.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/remove-yellow-bgbox/trunk/admin/rybb_api_settings.php#L5","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/remove-yellow-bgbox/trunk/includes/functions.php#L16","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b30d27-a3f8-4535-a47f-675c939ec648?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8610","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:4
0.547","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's site-wide font settings, including the typesquare_auth option (fontThemeUseType), show_post_form, and typesquare_fonttheme, by submitting a POST request to any wp-admin page. For fontThemeUseType values 1 and 3, no nonce verification is performed either, meaning those branches are additionally exploitable via cross-site request forgery."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ts-webfonts-for-conoha/tags/2.0.4/inc/class/class.auth.php#L51","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ts-webfonts-for-conoha/tags/2.0.4/typesquare-admin.php#L25","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ts-webfonts-for-conoha/tags/2.0.4/typesquare-admin.php#L93","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/88002a25-6890-4f8b-8a11-239b59d56672?source=cve","source":"security@wordfence.com"}
]}},{"cve":{"id":"CVE-2026-8624","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:40.693","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability arises specifically because PHP_SELF includes attacker-controllable PATH_INFO appended to the script name, and there are two distinct unsanitized echo points for this value in the same function."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/lj-comments-import-reloaded/trunk/lj_comments_import.php#L129","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lj-comments-import-reloaded/trunk/lj_comments_import.php#L161","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0f09cb59-dbbb-48a3-aeac-377f6ec87b88?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8626","sourceIdentifier":"security@wordfence.com","publi
shed":"2026-05-20T02:16:40.837","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The PHP_SELF value is reflected in two separate locations within the vulnerable function — a form action attribute and an anchor href attribute — both of which can be exploited by appending a crafted payload to the wp-admin/admin.php URL path."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sponsorme/trunk/sponsorme.php#L440","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sponsorme/trunk/sponsorme.php#L475","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7df7f541-b8aa-46fa-bfca-b333beea27f9?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8627","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:40.980","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[
{"lang":"en","value":"The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correct_prices_page() function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or output escaping (such as esc_url() or esc_attr()). Because PHP_SELF reflects attacker-controlled path-info appended to the script URL, an attacker can break out of the attribute and inject arbitrary markup. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a specially crafted link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/correct-prices/trunk/correct_prices.php#L134","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/605c6c53-6920-42ba-8784-b3a186bbf821?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8685","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:41.143","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, 
and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the show_control_data::post_list() function, which is registered as an admin menu page with only the 'read' capability. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/infility-global/trunk/widgets/show-control-data/show-control-data.php#L34","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/infility-global/trunk/widgets/show-control-data/show-control-data.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/infility-global/trunk/widgets/show-control-data/show-control-data.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/infility-global/trunk/widgets/show-control-data/show-control-data.php#L84","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1caeb5e0-9e4e-4c9e-a6e4-881fb81dc5f2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2025-15369","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T04:16:42
.597","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create published Xpro templates."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk?rev=3508547","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cf49d3fb-de14-42bc-bf51-f9adceba0d32?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2025-33255","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:43.667","lastModified":"2026-05-21T00:06:30.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. 
A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:tensorrt_llm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2","matchCriteriaId":"98DDF811-7971-4E89-8807-68A05836B01A"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-33255","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5805","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-33255","source":"psirt@nvidia.com","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2026-24142","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:44.993","lastModified":"2026-05-21T00:04:56.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA TRT-LLM for any platform contains a deserialization vulnerability   and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.0,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:tensorrt_llm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2","matchCriteriaId":"98DDF811-7971-4E89-8807-68A05836B01A"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24142","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5805","source":"psirt@nvidia.com","tags":["Vendor 
Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24142","source":"psirt@nvidia.com","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-24163","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:45.537","lastModified":"2026-05-20T19:40:38.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could  cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:tensorrt_llm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2","matchCriteriaId":"98DDF811-7971-4E89-8807-68A05836B01A"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24163","source":"psirt@nvidia.com","tags":["Third Party 
Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5805","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24163","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24206","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:45.713","lastModified":"2026-05-20T17:31:24.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43D
F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24206","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24206","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24207","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:45.960","lastModified":"2026-05-20T17:30:43.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information 
disclosure."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24207","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24207","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24208","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:46.177","lastModified":"2026-05-20T17:29:44.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. 
A successful exploit of this vulnerability might lead to denial of service."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24208","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24208","source":"psirt@nvidia.com","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-24209","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:46.463","lastModified":"2026-05-20T17:22:25.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24209","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24209","source":"psirt@nvidia.com","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-24210","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:46.690","lastModified":"2026-05-20T17:20:33.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24210","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24210","source":"psirt@nvidia.com","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-24213","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:46.913","lastModified":"2026-05-20T17:18:32.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24213","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24213","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24214","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:47.173","lastModified":"2026-05-20T17:13:59.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]}]}],"references":[{"url":"https:/
/nvd.nist.gov/vuln/detail/CVE-2026-24214","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24214","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24215","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T04:16:47.373","lastModified":"2026-05-20T17:19:31.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03
","matchCriteriaId":"D5CC0AB5-9C28-4746-A0A0-D44CC1D43DF6"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24215","source":"psirt@nvidia.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5828","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24215","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-7460","sourceIdentifier":"help@fluidattacks.com","published":"2026-05-20T04:16:56.270","lastModified":"2026-05-20T14:23:14.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without adequate output encoding.\n\n\n\nThis issue affects mailcow-dockerized: 
2026-03b."}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/advisories/mojabi","source":"help@fluidattacks.com"},{"url":"https://github.com/mailcow/mailcow-dockerized","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/advisories/mojabi","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-7637","sourceIdentifier":"security@wordfence.com","published":"2026-05-20
T04:16:56.747","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://www.pixelyoursite.com/boost-plugin","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e391f560-2037-4180-a77e-1731524a318c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9003","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-20T04:16:59.217","lastModified":"2026-05-20T14:01:24.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated 
remote attackers to inject arbitrary SQL commands to read database contents."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}
]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10912-21886-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10911-e6abb-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-9010","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T04:16:59.703","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the 
database."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.pixelyoursite.com/boost-plugin","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1cac2397-bb38-40d6-b90d-68e3ea136267?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5075","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T05:16:22.120","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective masking for low-privilege users. 
This makes it possible for authenticated attackers, with contributor-level access and above, to view configured API/OAuth tokens and license-related values from page source."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3532318/all-in-one-seo-pack","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8bc203-c17a-4b31-8f9e-695f9e638cda?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7522","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T05:16:22.327","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://docs.sigmaplugin.com/article/97-advanced-database-cleaner-chaneglog","source":"security@wordfence.com"},{"url":"https://sigmaplugin.com/downloads/wordpress-advanced-database-cleaner/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/77e4e516-8a12-48ee-9124-27f941b68b13?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9056","sourceIdentifier":"4ac701fe-44e9-4bcd-9585-dd6449257611","published":"2026-05-20T05:16:23.350","lastModified":"2026-05-20T14:04:18.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting vulnerability has been found in the Talend Administration Center. 
An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user."}],"metrics":{"cvssMetricV31":[{"source":"4ac701fe-44e9-4bcd-9585-dd6449257611","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"references":[{"url":"https://community.qlik.com/t5/Official-Support-Articles/Security-fix-for-Qlik-Talend-Administration-Center-cross-site/ta-p/2548522","source":"4ac701fe-44e9-4bcd-9585-dd6449257611"}]}},{"cve":{"id":"CVE-2026-9057","sourceIdentifier":"4ac701fe-44e9-4bcd-9585-dd6449257611","published":"2026-05-20T05:16:23.467","lastModified":"2026-05-20T14:04:18.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. 
This issue was resolved in a patch, which is already available."}],"metrics":{"cvssMetricV31":[{"source":"4ac701fe-44e9-4bcd-9585-dd6449257611","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8}]},"references":[{"url":"https://community.qlik.com/t5/Official-Support-Articles/Security-fix-for-Qlik-Talend-Administration-Center-URL-access/ta-p/2548524","source":"4ac701fe-44e9-4bcd-9585-dd6449257611"}]}},{"cve":{"id":"CVE-2026-2955","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T07:16:13.820","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
NOTE: Practical exploitation is constrained due to a 20-character storage limit."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3505998/ai-copilot-content-generator","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d434250-aa16-4ba1-a1f8-289371176545?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-44392","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-05-20T07:16:15.317","lastModified":"2026-05-20T14:25:17.977","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authorization vulnerability exists in Movable Type. 
Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW",
"availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN66473735/","source":"vultures@jpcert.or.jp"},{"url":"https://movabletype.org/news/2026/05/mt-908-released.html","source":"vultures@jpcert.or.jp"},{"url":"https://www.sixapart.jp/movabletype/news/2026/05/20-1100.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-5776","sourceIdentifier":"contact@wpscan.com","published":"2026-05-20T07:16:15.903","lastModified":"2026-05-20T14:01:24.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Email Encoder  WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"references":[{"url":"https://wpscan.com/vulnerability/00c0b9f7-c559-463e-80ae-97d99e0ef99f/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-6566","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T07:16:16.030","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. 
This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for DELETE /imagely/v1/images/{id} only checks 'NextGEN Manage gallery' permissions and does not enforce gallery ownership or 'NextGEN Manage others gallery' permissions. This makes it possible for authenticated attackers, with Subscriber-level privileges and 'NextGEN Manage gallery' capability, to delete gallery images belonging to other users as well as their associated image files from disk when deleteImg is enabled (default)."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3533432/nextgen-gallery","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/439809ad-21ea-4a0b-b1fd-5de9f8f5ee7a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7385","sourceIdentifier":"contact@wpscan.com","published":"2026-05-20T07:16:16.353","lastModified":"2026-05-20T18:16:27.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email 
addresses."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"references":[{"url":"https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-5200","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T08:16:22.860","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to modify privileged AcyMailing configuration, export subscriber secret keys, and chain these actions into administrator account takeover when a target administrator email address is known."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3516422/acymailing","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8470662-2247-4159-9dac-f13677c94bdf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6405","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T08:16:23.027","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output escaping in the admin_options.php template. The settings form includes no wp_nonce_field() and the handler performs no check_admin_referer() check, meaning any cross-origin POST can modify plugin settings. 
The API key field is sanitized only with sanitize_text_field(), which strips HTML tags but does not encode double-quote characters; the value is then rendered into an HTML attribute via bare echo without esc_attr(), allowing a double-quote attribute-escape payload to survive both sanitization and storage. This makes it possible for unauthenticated attackers to inject arbitrary web scripts by tricking a logged-in administrator into visiting a malicious page that submits a forged request, storing the payload in the database and causing it to execute in the administrator's browser whenever the plugin settings page is visited."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/anomify/tags/0.3.6/Anomify/Config.php#L152","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/tags/0.3.6/Anomify/Wp/Admin.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/tags/0.3.6/Anomify/Wp/includes/admin_options.php#L43","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/trunk/Anomify/Config.php#L152","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/trunk/Anomify/Wp/Admin.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/anomify/trunk/Anomify/Wp/includes/admin_options.php#L43",
"source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e02c2d-a38a-495c-9c37-098049297be2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9059","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-20T09:16:27.020","lastModified":"2026-05-20T14:01:24.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'.\n\n\n\nThe root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the 'NextGEN Gallery overview' capability (assigned to the Administrator role by default) to inject arbitrary SQL into the 'ORDER BY' clause."}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnCo
nfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2026-42","source":"vulnreport@tenable.com"}]}},{"cve":{"id":"CVE-2026-9065","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-20T09:16:27.217","lastModified":"2026-05-20T14:01:24.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'.\n\nThe root cause is a flawed escaping bypass in the query builder ('wp-query-builder'). Values passed to the 'where()' method are only sanitized via '$wpdb->prepare()' when they do **not** contain a dot ('.') or the WordPress table prefix ('wp_'). 
By including a dot anywhere in the payload, an attacker completely bypasses the escaping logic and injects arbitrary SQL into the 'WHERE' clause, allowing full UNION-based extraction of the database."}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2026-43","source":"vulnreport@tenable.com"}]}},{"cve":{"id":"CVE-2026-32792","sourceIdentifier":"sep@nlnetlabs.nl","published":"
2026-05-20T10:16:26.277","lastModified":"2026-05-20T22:44:09.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. 
Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore"
:1.4}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-166"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.2","versionEndExcluding":"1.25.1","matchCriteriaId":"E2A7CA69-1A30-44D8-A0FF-2A4853C6F6D9"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33278","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:26.530","lastModified":"2026-05-20T22:49:23.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the vulnerability by controlling a malicious signed zone and querying a vulnerable Unbound. When DS sub-queries need to suspend validation due to NSEC3 computational budget exhaustion (introduced in Unbound 1.19.1), Unbound deep-copies response messages to preserve them across memory region teardown. A struct-assignment bug overwrites the destination's pointer with the source's pointer. After the sub-query region is freed, the resumed validator dereferences this dangling pointer, triggering a crash or potentially enabling arbitrary code execution. 
Unbound 1.25.1 contains a patch with a fix to preserve the correct pointer when deep copying the data structure."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitability
Score":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-672"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.1","versionEndExcluding":"1.25.1","matchCriteriaId":"5C330C7D-8CBA-407E-9C85-8BB7D5A97797"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-33278.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35070","sourceIdentifier":"security_alert@emc.com","published":"2026-05-20T10:16:26.677","lastModified":"2026-05-20T13:56:48.777","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. 
A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker."}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000466942/dsa-2026-235-security-update-for-dell-networking-smartfabric-storage-software-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-40622","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:26.850","lastModified":"2026-05-20T14:02:12.280","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a (ghost) zone and be able to query a vulnerable Unbound. A single client NS query can cause Unbound to overwrite the cached expired parent-side referral NS rrset with the child-side apex NS rrset and essentially extend the ghost domain window by up to one cached TTL configured value ('cache-max-ttl'). In configurations where 'harden-referral-path: yes' is used (non-default configuration), no client NS query is required since Unbound implicitly performs that query. 
Unbound 1.25.1 contains a patch with a fix that does not allow extension of TTLs for (parent) NS records regardless of their trust."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-40622.txt","source":"sep@nlnetlabs.nl"}]}},{"cve":{"id":"CVE-2026-41054","sourceIdentifier":"meissner@suse.de","published":"2026-05-20T10:16:26.990","lastModified":"2026-05-20T14:25:57.2
83","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"meissner@suse.de","type":"Primary","description":[{"lang":"en","value":"CWE-305"}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054","source":"meissner@suse.de"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/4","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/5","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41292","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.327","lastModified":"2026-05-20T22:49:46.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related 
to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","
baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-407"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42534","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.477","lastModified":"2026-05-20T22:50:00.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversary who can query a vulnerable Unbound and who can control a domain name server that replies slowly and/or maliciously to Unbound's queries can exploit the vulnerability and degrade the resolution performance of Unbound. When Unbound's 'num-queries-per-thread' reaches its limit, the jostle logic kicks in. When a new query comes in, half of the available queries that are also slow to resolve are candidates for replacement. 
The vulnerability then happens because duplicate queries that need resolution would skew the aging result by using the timestamp of the latest duplicate query instead of the original one that started the resolution effort. Cache and local data response performance remains unaffected. Coordinated attacks could raise this to a denial of resolution service. Unbound 1.25.1 contains a patch with a fix to attach an initial, non-updatable start time for incoming queries that allow the jostle logic to work as intended."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMet
ricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-440"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42534.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42923","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.630","lastModified":"2026-05-20T22:50:35.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the attack. An adversary that controls a DNSSEC signed zone can exploit this by signing NSEC3 records with acceptably high iterations for child delegations and querying a vulnerable Unbound. Unbound will keep performing the allowed hash calculations on the NSEC3 records and will not limit the work by the mitigation introduced in 1.19.1. As a side effect, a global lock for the negative cache will be held for the duration of the hashing, blocking other threads that need to consult the negative cache. 
Coordinated attacks could raise the vulnerability to denial of service. Unbound 1.25.1 contains a patch with a fix to bound the vulnerable code path with the existing limit for NSEC3 hash calculations."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidenti
alityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.1","versionEndExcluding":"1.25.1","matchCriteriaId":"5C330C7D-8CBA-407E-9C85-8BB7D5A97797"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42923.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42944","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.760","lastModified":"2026-05-20T22:50:49.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. 
Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact"
:"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-197"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.25.1","matchCriteriaId":"94679303-2382-42F1-8BFF-FD02D0444EE6"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42944.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42959","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.903","lastModified":"2026-05-20T22:51:00.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication could increase the ANSWER section count and authority filtering could decrease the AUTHORITY section count and create an uninitialized array slot. Combining these two, the validator later dereferences this uninitialized pointer, causing an immediate process crash. An adversary controlling a DNSSEC-signed domain can trigger this bug with a single query by configuring a DNAME chain with unsigned CNAMEs and a response containing unsigned AUTHORITY records alongside signed ADDITIONAL glue records. 
Unbound 1.25.1 contains a patch with a fix to use the proper counters to calculate the write offsets."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impact
Score":3.6}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42959.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42960","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:28.037","lastModified":"2026-05-20T22:51:43.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack) he would be able to poison Unbound's cache. A malicious actor can exploit the possible poisonous effect by injecting RRSets other than NS that are also accompanied by address records in a reply, for example MX. This could be achieved by trying to spoof a reply packet or fragmentation attacks. Unbound would then accept the relative address records in the additional section and cache them if the authority RRSet has enough trust at this point, i.e., in-zone data for the delegation point. Unbound 1.25.1 contains a patch with a fix that disregards address records from the additional section if they are not explicitly relevant only to authority NS records, mitigating the possible poison effect. 
This is a complement fix to CVE-2025-11411."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.8}]},"weaknesses":[{"source":"s
ep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-349"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42960.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44390","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:28.183","lastModified":"2026-05-20T22:52:27.343","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. An adversary can exploit the vulnerability by querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. A compression limit was introduced in 1.21.1 for this but it didn't account for the case where records would not share any suffix above the root. That causes Unbound to go in a different code path because of the compression tree lookup failure and eventually not increment the compression counter for those operations. Unbound 1.25.1 contains a patch with a fix that increments the compression counter regardless of the compression tree lookup. 
This is a complement fix to CVE-2024-8508."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"sep@nlnetlabs.
nl","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-44390.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44608","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:28.313","lastModified":"2026-05-20T22:52:48.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual crash. An adversary can exploit the vulnerability if conditions are first met on a vulnerable Unbound, i.e., multi-threaded, an RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers and an ongoing XFR for that RPZ zone. Local RPZ files do not trigger the vulnerability. If the timing is right and an XFR happens at the same time another thread needs to read that RPZ zone, the reader may not hold the lock long enough and the thread applying the XFR may free objects that the reader is about to walk causing the use-after-free. 
Unbound 1.25.1 contains a patch with a fix to the locking code."}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses"
:[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-413"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.25.1","matchCriteriaId":"94679303-2382-42F1-8BFF-FD02D0444EE6"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-44608.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44933","sourceIdentifier":"meissner@suse.de","published":"2026-05-20T10:16:28.453","lastModified":"2026-05-20T14:01:24.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root 
privileges."}],"metrics":{"cvssMetricV40":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"meissner@suse.de","type":"Primary","
description":[{"lang":"en","value":"CWE-35"}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44933","source":"meissner@suse.de"}]}},{"cve":{"id":"CVE-2026-6728","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T10:16:28.770","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, and product content."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.sliderrevolution.com/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3cd7be2c-9ba9-4d25-8907-610898df5834?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9064","sourceIdentifier":"secalert@redhat.com","published":"2026-05-20T10:16:28.940","lastModified":"2026-05-20T14:02:12.280","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. 
A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9064","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480093","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-0856","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-05-20T11:16:25.780","lastModified":"2026-05-20T14:03:10.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. 
This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://seccore.at/blog/cves-meona/","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-0857","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-05-20T11:16:25.923","lastModified":"2026-05-20T14:03:10.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.\n\nThis issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 
5+323020."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":4.0}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-316"}]}],"references":[{"url":"https://seccore.at/blog/cves-meona/","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-22314","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-05-20T11:16:26.057","lastModified":"2026-05-20T14:03:10.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. 
This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://seccore.at/blog/cves-meona/","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-22315","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-05-20T11:16:26.187","lastModified":"2026-05-20T14:03:10.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export  of user data, including cleartext passwords, via the SQL editor. 
This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://seccore.at/blog/cves-meona/","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-25602","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-05-20T11:16:26.313","lastModified":"2026-05-20T14:03:10.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. 
This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://seccore.at/blog/cves-meona/","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2025-31973","sourceIdentifier":"psirt@hcl.com","published":"2026-05-20T12:16:20.527","lastModified":"2026-05-20T19:11:42.040","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL BigFix Service Management (SM) is susceptible to  a Configuration – 'Insecure Use of Base Image Version'. 
Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.6,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:*","matchCriteriaId":"4D915AC1-7C2B-497D-9A77-9726954B2282"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-31985","sourceIdentifier":"psirt@hcl.com","published":"2026-05-20T12:16:20.660","lastModified":"2026-05-20T19:09:24.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header.  
This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:*","matchCriteriaId":"4D915AC1-7C2B-497D-9A77-9726954B2282"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-11954","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-20T13:16:14.153","lastModified":"2026-05-20T14:04:18.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. 
WISECP allows Cross Site Request Forgery.\n\nThis issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0262","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-24573","sourceIdentifier":"audit@patchstack.com","published":"2026-05-20T13:16:16.253","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS.\n\nThis issue affects Visualizer: from n/a before 
4.0.0."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/visualizer/vulnerability/wordpress-visualizer-plugin-4-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27405","sourceIdentifier":"audit@patchstack.com","published":"2026-05-20T13:16:16.750","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Magepeople inc. 
WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects WpBookingly: from n/a through 1.2.9."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/service-booking-manager/vulnerability/wordpress-wpbookingly-plugin-1-2-9-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27424","sourceIdentifier":"audit@patchstack.com","published":"2026-05-20T13:16:16.897","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Image Photo Gallery Final Tiles Grid: from n/a through 
3.6.11."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/final-tiles-grid-gallery-lite/vulnerability/wordpress-image-photo-gallery-final-tiles-grid-plugin-3-6-11-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-41091","sourceIdentifier":"secure@microsoft.com","published":"2026-05-20T13:16:29.173","lastModified":"2026-05-20T19:06:36.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"cisaExploitAdd":"2026-05-20","cisaActionDue":"2026-06-03","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Microsoft Defender Link Following 
Vulnerability","weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.26030.3008","versionEndExcluding":"1.1.26040.8","matchCriteriaId":"AD1882FA-1447-46F7-A592-142F55820A60"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41091","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-42383","sourceIdentifier":"audit@patchstack.com","published":"2026-05-20T13:16:32.333","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection.\n\nThis issue affects YITH WooCommerce Product Add-Ons: from n/a through 
4.29.0."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":4.7}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/yith-woocommerce-product-add-ons/vulnerability/wordpress-yith-woocommerce-product-add-ons-plugin-4-29-0-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-42834","sourceIdentifier":"secure@microsoft.com","published":"2026-05-20T13:16:34.500","lastModified":"2026-05-20T18:29:08.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges 
locally."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:azure:*:*","versionEndExcluding":"0.72.0.0","matchCriteriaId":"A03F6B4A-F5F3-4FA8-A133-D47441305B5F"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42834","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45443","sourceIdentifier":"audit@patchstack.com","published":"2026-05-20T13:16:36.267","lastModified":"2026-05-20T13:54:54.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 
5.5.1."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/pdf-for-elementor-forms/vulnerability/wordpress-pdf-for-elementor-forms-drag-and-drop-template-builder-plugin-5-5-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-45498","sourceIdentifier":"secure@microsoft.com","published":"2026-05-20T13:16:36.780","lastModified":"2026-05-20T19:05:46.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Defender Denial of Service 
Vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"cisaExploitAdd":"2026-05-20","cisaActionDue":"2026-06-03","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Microsoft Defender Denial of Service Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.26030.3011","versionEndExcluding":"4.18.26040.7","matchCriteriaId":"EE400D53-CA9B-433A-BB02-048BFDE09034"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498","source":"secure@microsoft.com","tags":["Vendor 
Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45498","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2026-45584","sourceIdentifier":"secure@microsoft.com","published":"2026-05-20T13:16:37.333","lastModified":"2026-05-20T18:56:32.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.26030.3008","versionEndExcluding":"1.1.26040.8","matchCriteriaId":"AD1882FA-1447-46F7-A592-142F55820A60"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21836","sourceIdentifier":"psirt@hcl.com","published":"2026-05-20T14:16:36.373","lastModified":"2026-05-20T14:23:44.700","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability.  
Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query.  This could enable an authenticated attacker to view sensitive data."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130932","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-24425","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T14:16:38.917","lastModified":"2026-05-20T14:25:57.283","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. 
Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE
","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/twigphp/Twig/releases/tag/v3.26.0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-2q52-x2ff-qgfr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/twig-x-x-sandbox-bypass-via-sourcepolicyinterface","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-8485","sourceIdentifier":"security@progress.com","published":"2026-05-20T14:17:04.603","lastModified":"2026-05-20T17:50:03.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.\n\nThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 
2025.1.7."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@progress.com","type":"Primary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.0.11","matchCriteriaId":"0D8444E8-7755-4579-8351-3059BC055832"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.7","matchCriteriaId":"F191F99D-6054-4A53-A20E-8181AFD0D483"}]}]}],"references":[{"url":"https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html","source":"security@progress.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-7346","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T16:16:23.770","lastModified":"2026-05-20T17:33:05.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows 
attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, potentially leading to funds being sent to unintended addresses."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore
":4.0,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.4,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-682"}]}],"references":[{"url":"https://donjon.ledger.com/lsb/019/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ledger-bitcoin-app-address-derivation-error-via-miniscript","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-32750","sourceIdentifier":"security_alert@emc.com","published":"2026-05-20T16:16:24.803","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. 
An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Primary","description":[{"lang":"en","value":"CWE-548"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities","source":"security_alert@emc.com"},{"url":"https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-39047","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T16:16:25.630","lastModified":"2026-05-20T17:31:45.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 
9100"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://gist.github.com/AzhariRamadhan/1defc815542fb72e6025da2ce53a1046","source":"cve@mitre.org"},{"url":"https://github.com/AzhariRamadhan/CVE-PORT-9100","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-4293","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-20T16:16:26.003","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the 
browser."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-05.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-05","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-5783","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-20T16:16:26.790","lastModified":"2026-05-20T17:30:47.177","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. 
CityPLus allows Reflected XSS.\n\nThis issue affects CityPLus: before V24.29750.1.0."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0263","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-8598","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-20T16:16:27.707","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An undocumented configuration export port is accessible on some models \nof ZKTeco CCTV cameras. 
This port does not require authentication and \nexposes critical information about the camera such as open services and \ncamera account credentials."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrity
Impact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.zkteco.com/en/announcement/23","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-9084","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-20T16:16:28.107","lastModified":"2026-05-20T17:31:45.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid OIDC token could assert a victim’s email address and authenticate as that user, leading to account 
takeover."}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/71f5662c1b5886613d2cd5c72fd93bb4ca6fa172","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-20171","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T17:16:19.813","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.0}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-670"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx","source":"psirt@cisco.com"}]}},{"cve":{"id":"CVE-2026-20199","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T17:16:20.100","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user.\r\n\r This vulnerability is due to insufficient validation of 
user-supplied input. An authenticated attacker could exploit this vulnerability by uploading a crafted certificate to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5","source":"psirt@cisco.com"}]}},{"cve":{"id":"CVE-2026-20206","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T17:16:20.243","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed.\r\n\r\nThis vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. 
A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user.\r\nTo exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn","source":"psirt@cisco.com"}]}},{"cve":{"id":"CVE-2026-20223","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T17:16:20.400","lastModified":"2026-05-20T17:30:40.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.\r\n\r\nThis vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. 
A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy","source":"psirt@cisco.com"}]}},{"cve":{"id":"CVE-2026-44926","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T17:16:24.357","lastModified":"2026-05-20T20:16:40.517","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"InfoScale CmdServer before 7.4.2 mishandles access 
control."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://supportinfoscale.cloud.com/support-home/kbsearch/article?articleNumber=1000766081&articleTitle=InfoScale_Command_Server_Security_Bulletin_for_CVE_2026_44926","source":"cve@mitre.org"},{"url":"https://www.veritas.com/support/en_US/doc/109864724-141543588-0/v141217547-141543588","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-7613","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T17:16:29.163","lastModified":"2026-05-20T17:33:05.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.pixelyoursite.com/plugins/woocommerce-cost-of-goods","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e8646f0-8bd1-4cfd-85bb-86a054ab297f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8342","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T17:16:29.310","lastModified":"2026-05-20T17:16:29.310","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-9087","sourceIdentifier":"secalert@redhat.com","published":"2026-05-20T17:16:32.207","lastModified":"2026-05-20T17:32:35.827","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. 
The cross-session verification proof is keyed only by (local userId,\nidpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9087","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480172","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9100","sourceIdentifier":"cna@mongodb.com","published":"2026-05-20T17:16:32.360","lastModified":"2026-05-20T17:32:35.827","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. 
Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read)."}],"metrics":{"cvssMetricV40":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scop
e":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":4.2}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1285"}]}],"references":[{"url":"https://jira.mongodb.org/browse/CDRIVER-6281","source":"cna@mongodb.com"}]}},{"cve":{"id":"CVE-2026-9101","sourceIdentifier":"cna@mongodb.com","published":"2026-05-20T17:16:32.517","lastModified":"2026-05-20T17:32:35.827","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to \"1-click\" command execution."}],"metrics":{"cvssMetricV40":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","
modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://jira.mongodb.org/browse/COMPASS-10657","source":"cna@mongodb.com"}]}},{"cve":{"id":"CVE-2026-8399","sourceIdentifier":"cve@gitlab.com","published":"2026-05-20T23:16:35.937","lastModified":"2026-05-20T23:16:35.937","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}}]}