{"resultsPerPage":332,"startIndex":0,"totalResults":332,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-22T19:33:27.262","vulnerabilities":[{"cve":{"id":"CVE-2024-27289","sourceIdentifier":"security-advisories@github.com","published":"2024-03-06T19:15:08.140","lastModified":"2026-05-21T19:57:50.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"},{"lang":"es","value":"pgx es un controlador PostgreSQL y un conjunto de herramientas para Go. Antes de la versión 4.18.2, la inyección SQL puede ocurrir cuando se cumplen todas las condiciones siguientes: se utiliza el protocolo simple no predeterminado; un marcador de posición para un valor numérico debe ir precedido inmediatamente de un signo menos; debe haber un segundo marcador de posición para un valor de cadena después del primer marcador de posición; ambos deben estar en la misma línea; y ambos valores de parámetros deben ser controlados por el usuario. El problema se resuelve en v4.18.2. Como solución alternativa, no utilice el protocolo simple ni coloque un signo menos directamente antes de un marcador de posición."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgx:*:*:*:*:*:go:*:*","versionEndExcluding":"4.18.2","matchCriteriaId":"46A3AE50-BDE3-41DC-9E17-9151318A3E94"}]}]}],"references":[{"url":"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2024-27304","sourceIdentifier":"security-advisories@github.com","published":"2024-03-06T19:15:08.767","lastModified":"2026-05-21T19:58:35.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size."},{"lang":"es","value":"pgx es un controlador PostgreSQL y un conjunto de herramientas para Go. La inyección de SQL puede ocurrir si un atacante puede hacer que una sola consulta o mensaje de enlace supere los 4 GB de tamaño. Un desbordamiento de enteros en el tamaño del mensaje calculado puede provocar que un mensaje grande se envíe como varios mensajes bajo el control del atacante. El problema se resuelve en v4.18.2 y v5.5.4. Como solución alternativa, rechace la entrada del usuario lo suficientemente grande como para provocar que una sola consulta o mensaje vinculado supere los 4 GB de tamaño."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgproto3:*:*:*:*:*:go:*:*","versionEndExcluding":"2.3.3","matchCriteriaId":"8F2C8085-0A4C-4DBB-9532-404B943C690F"},{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgx:*:*:*:*:*:go:*:*","versionEndExcluding":"4.18.2","matchCriteriaId":"46A3AE50-BDE3-41DC-9E17-9151318A3E94"},{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgx:*:*:*:*:*:go:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.5.4","matchCriteriaId":"F4EAB649-59DA-40EF-A9AB-1079F6C14419"}]}]}],"references":[{"url":"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://www.youtube.com/watch?v=Tfg1B8u1yvE","source":"security-advisories@github.com","tags":["Press/Media Coverage"]},{"url":"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-21262","sourceIdentifier":"secalert_us@oracle.com","published":"2024-10-15T20:15:17.157","lastModified":"2026-05-21T20:48:16.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC).  Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)."},{"lang":"es","value":"Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/ODBC). Las versiones compatibles afectadas son 9.0.0 y anteriores. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos ponga en peligro MySQL Connectors. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de MySQL Connectors y la capacidad no autorizada de provocar una denegación de servicio parcial (DOS parcial) de MySQL Connectors. Puntuación base de CVSS 3.1: 6,5 (impactos en la integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.0","matchCriteriaId":"8D2735AD-37D7-4275-A31B-F150B5E8AF0A"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuoct2024.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20241025-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2024-12251","sourceIdentifier":"security@progress.com","published":"2025-02-12T15:15:12.370","lastModified":"2026-05-21T21:00:55.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements."},{"lang":"es","value":"En las versiones de Progress® Telerik® UI para WinUI anteriores a 2025 Q1 (3.0.0), es posible un ataque de inyección de comandos a través de la neutralización incorrecta de elementos de hipervínculo."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:telerik_ui_for_winui:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"3.0.0","matchCriteriaId":"5678F54D-A5EA-460E-8442-7B16F85974D0"}]}]}],"references":[{"url":"https://docs.telerik.com/devtools/winui/security/kb-security-command-injection-cve-2024-12251","source":"security@progress.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-25639","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T21:15:49.010","lastModified":"2026-05-21T20:13:01.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5."},{"lang":"es","value":"Axios es un cliente HTTP basado en promesas para el navegador y Node.js. Antes de la versión 1.13.5, la función mergeConfig en axios falla con un TypeError al procesar objetos de configuración que contienen __proto__ como propiedad propia. Un atacante puede desencadenar esto proporcionando un objeto de configuración malicioso creado a través de JSON.parse(), causando una denegación de servicio completa. Esta vulnerabilidad se corrigió en la versión 1.13.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.30.3","matchCriteriaId":"019BC980-929D-424C-8242-D0A874945DCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.13.5","matchCriteriaId":"FDF4603C-A077-48CC-A144-EEBE1FE4611D"}]}]}],"references":[{"url":"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/pull/7369","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/axios/axios/pull/7388","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/axios/axios/releases/tag/v0.30.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/axios/axios/releases/tag/v1.13.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-70040","sourceIdentifier":"cve@mitre.org","published":"2026-03-09T16:16:15.360","lastModified":"2026-05-21T17:16:20.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information."},{"lang":"es","value":"Un problema relacionado con CWE-532: Inserción de información sensible en un archivo de registro fue descubierto en LupinLin1 jimeng-web-mcp v2.1.2. Esto permite a un atacante obtener información sensible."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lupinlin1:jimeng_web_mcp_server:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"968F70BE-5330-425D-A928-A74CF15441F5"}]}]}],"references":[{"url":"https://gist.github.com/zcxlighthouse/73b4ea07d1056ca9f100d11bfb4c8aa5","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/LupinLin1","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/LupinLin1/jimeng-web-mcp","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-26738","sourceIdentifier":"cve@mitre.org","published":"2026-03-10T18:18:43.800","lastModified":"2026-05-21T17:13:18.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file."},{"lang":"es","value":"Vulnerabilidad de desbordamiento de búfer en Uderzo Software SpaceSniffer v.2.0.5.18 permite a un atacante remoto ejecutar código arbitrario a través de un archivo de instantánea .sns manipulado."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uderzo:spacesniffer:2.0.5.18:*:*:*:*:*:*:*","matchCriteriaId":"7BBA9A34-3433-46E7-B2F7-4695E63CDE8F"}]}]}],"references":[{"url":"https://www.gruppotim.it/it/footer/red-team.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.gruppotim.it/it/footer/red-team/2026/CVE-2026-26738-Uderzo-Software1.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.gruppotim.it/it/footer/red-team/2026/CVE-2026-26738-UderzoSoftware.html","source":"cve@mitre.org","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-23941","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-03-13T19:54:15.237","lastModified":"2026-05-21T15:22:43.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.\n\nThis vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7.\n\nThe server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5."},{"lang":"es","value":"La vulnerabilidad de Interpretación inconsistente de solicitudes HTTP ('Contrabando de solicitudes HTTP') en Erlang OTP (módulo inets httpd) permite el contrabando de solicitudes HTTP.\n\nEsta vulnerabilidad está asociada con los archivos de programa lib/inets/src/http_server/httpd_request.erl y las rutinas de programa httpd_request:parse_headers/7.\n\nEl servidor no rechaza ni normaliza los encabezados Content-Length duplicados. El Content-Length más temprano en la solicitud se utiliza para el análisis del cuerpo, mientras que los proxies inversos comunes (nginx, Apache httpd, Envoy) respetan el último valor de Content-Length. Esto viola la Sección 6.3 de RFC 9112 y permite la desincronización front-end/back-end, dejando bytes controlados por el atacante en cola como el inicio de la siguiente solicitud.\n\nEste problema afecta a OTP desde OTP 17.0 hasta OTP 28.4.1, OTP 27.3.4.9 y OTP 26.2.5.18, lo que corresponde a inets desde 5.10 hasta 9.6.1, 9.3.2.3 y 9.1.0.5."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/inets:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"9.1.0.5","matchCriteriaId":"51F23E56-D6A0-4406-BF11-862502FAFE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/inets:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3","versionEndExcluding":"9.3.2.3","matchCriteriaId":"61E04989-9259-49AF-866D-98385A3A1EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/inets:*:*:*:*:*:*:*:*","versionStartIncluding":"9.6","versionEndExcluding":"9.6.1","matchCriteriaId":"D2EA5EC1-0077-459E-A77C-A5CE93AF737D"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"26.2.5.18","matchCriteriaId":"6241E245-67D2-4FA6-83FE-4E9A4A07B3D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0","versionEndExcluding":"27.3.4.9","matchCriteriaId":"BE60BA92-431E-4DE3-A1C1-E8976E3A6BA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.4.1","matchCriteriaId":"B8D9E80B-CA20-423A-A1A8-DEBB99D82BDB"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-23941.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-23941","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-23942","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-03-13T19:54:15.520","lastModified":"2026-05-21T15:22:38.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2.\n\nThe SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14."},{"lang":"es","value":"Limitación Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') vulnerabilidad en Erlang OTP (módulo ssh_sftpd) permite Salto de Ruta.\n\nEsta vulnerabilidad está asociada con los archivos de programa lib/ssh/src/ssh_sftpd.erl y las rutinas de programa ssh_sftpd:is_within_root/2.\n\nEl servidor SFTP utiliza la coincidencia de prefijos de cadena a través de lists:prefix/2 en lugar de una validación adecuada de los componentes de la ruta al verificar si una ruta está dentro del directorio raíz configurado. Esto permite a los usuarios autenticados acceder a directorios hermanos que comparten un prefijo de nombre común con el directorio raíz configurado. Por ejemplo, si la raíz está configurada como /home/user1, rutas como /home/user10 o /home/user1_backup se considerarían incorrectamente dentro de la raíz.\n\nEste problema afecta a OTP desde OTP 17.0 hasta OTP 28.4.1, OTP 27.3.4.9 y OTP 26.2.5.18, lo que corresponde a ssh desde 3.0.1 hasta 5.5.1, 5.2.11.6 y 5.1.4.14."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"26.2.5.18","matchCriteriaId":"6241E245-67D2-4FA6-83FE-4E9A4A07B3D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0","versionEndExcluding":"27.3.4.9","matchCriteriaId":"BE60BA92-431E-4DE3-A1C1-E8976E3A6BA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.4.1","matchCriteriaId":"B8D9E80B-CA20-423A-A1A8-DEBB99D82BDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"5.1.4.14","matchCriteriaId":"24FD89BF-28BB-4432-9FDA-F0D84B5F716C"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.2.11.6","matchCriteriaId":"C0BFA1FA-14CC-4A47-A6A3-2572BA686367"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndIncluding":"5.5.1","matchCriteriaId":"0ABFC1FB-435C-414A-BF43-B119730E3DCE"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-23942.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-23942","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-23943","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-03-13T19:54:15.783","lastModified":"2026-05-21T15:22:36.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.\n\nThe SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS.\n\nTwo compression algorithms are affected:\n\n* zlib: Activates immediately after key exchange, enabling unauthenticated attacks\n* zlib@openssh.com: Activates post-authentication, enabling authenticated attacks\n\nEach SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14."},{"lang":"es","value":"La vulnerabilidad de Manejo Inadecuado de Datos Altamente Comprimidos (Bomba de Compresión) en Erlang OTP ssh (módulos ssh_transport) permite la denegación de servicio mediante el agotamiento de recursos.\n\nLa capa de transporte SSH anuncia la compresión zlib heredada por defecto e infla cargas útiles controladas por el atacante pre-autenticación sin ningún límite de tamaño, lo que permite una DoS fiable por agotamiento de memoria.\n\nDos algoritmos de compresión se ven afectados:\n\n* zlib: Se activa inmediatamente después del intercambio de claves, lo que permite ataques no autenticados\n* zlib@openssh.com: Se activa post-autenticación, lo que permite ataques autenticados\n\nCada paquete SSH puede descomprimir ~255 MB de 256 KB de datos en la red (relación de amplificación de 1029:1). Múltiples paquetes pueden agotar rápidamente la memoria disponible, causando eliminaciones por OOM en entornos con memoria limitada.\n\nEsta vulnerabilidad está asociada con los archivos de programa lib/ssh/src/ssh_transport.erl y las rutinas de programa ssh_transport:decompress/2, ssh_transport:handle_packet_part/4.\n\nEste problema afecta a OTP desde OTP 17.0 hasta OTP 28.4.1, 27.3.4.9 y 26.2.5.18, lo que corresponde a ssh desde 3.0.1 hasta 5.5.1, 5.2.11.6 y 5.1.4.14."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"26.2.5.18","matchCriteriaId":"6241E245-67D2-4FA6-83FE-4E9A4A07B3D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0","versionEndExcluding":"27.3.4.9","matchCriteriaId":"BE60BA92-431E-4DE3-A1C1-E8976E3A6BA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.4.1","matchCriteriaId":"B8D9E80B-CA20-423A-A1A8-DEBB99D82BDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"5.1.4.14","matchCriteriaId":"24FD89BF-28BB-4432-9FDA-F0D84B5F716C"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.2.11.6","matchCriteriaId":"C0BFA1FA-14CC-4A47-A6A3-2572BA686367"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndIncluding":"5.5.1","matchCriteriaId":"0ABFC1FB-435C-414A-BF43-B119730E3DCE"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-23943.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-23943","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-4270","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-03-16T17:16:32.270","lastModified":"2026-05-21T15:58:19.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.\n\nTo remediate this issue, users should upgrade to version 1.3.9."},{"lang":"es","value":"Protección Inadecuada de Ruta Alternativa existe en la característica no-access y workdir del servidor AWS API MCP versiones &gt;= 0.2.14 y &lt; 1.3.9 en todas las plataformas, lo que puede permitir la omisión de la restricción de acceso a archivos prevista y exponer contenidos de archivos locales arbitrarios en el contexto de la aplicación cliente MCP.\n\nPara remediar este problema, los usuarios deben actualizar a la versión 1.3.9."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-424"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:aws_api_mcp_server:*:*:*:*:*:python:*:*","versionStartIncluding":"0.2.14","versionEndExcluding":"1.3.9","matchCriteriaId":"EE415FFE-9C17-4E1A-8608-7DAA348BDAA6"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-007-AWS/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://pypi.org/project/awslabs.aws-api-mcp-server/1.3.9/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-71266","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:15.560","lastModified":"2026-05-21T15:39:12.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: check return value of indx_find to avoid infinite loop\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed dentry in the ntfs3 filesystem can cause the kernel to hang\nduring the lookup operations. By setting the HAS_SUB_NODE flag in an\nINDEX_ENTRY within a directory's INDEX_ALLOCATION block and manipulating the\nVCN pointer, an attacker can cause the indx_find() function to repeatedly\nread the same block, allocating 4 KB of memory each time. The kernel lacks\nVCN loop detection and depth limits, causing memory exhaustion and an OOM\ncrash.\n\nThis patch adds a return value check for fnd_push() to prevent a memory\nexhaustion vulnerability caused by infinite loops. When the index exceeds the\nsize of the fnd->nodes array, fnd_push() returns -EINVAL. The indx_find()\nfunction checks this return value and stops processing, preventing further\nmemory allocation."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfs: ntfs3: verificar el valor de retorno de indx_find para evitar un bucle infinito\n\nHemos encontrado un error de bucle infinito en el sistema de archivos ntfs3 que puede conducir a una condición de Denegación de Servicio (DoS).\n\nUna entrada de directorio (dentry) malformada en el sistema de archivos ntfs3 puede hacer que el kernel se cuelgue durante las operaciones de búsqueda. Al establecer la bandera HAS_SUB_NODE en una INDEX_ENTRY dentro del bloque INDEX_ALLOCATION de un directorio y manipular el puntero VCN, un atacante puede hacer que la función indx_find() lea repetidamente el mismo bloque, asignando 4 KB de memoria cada vez. El kernel carece de detección de bucles VCN y límites de profundidad, causando agotamiento de memoria y un fallo OOM.\n\nEste parche añade una verificación del valor de retorno para fnd_push() para prevenir una vulnerabilidad de agotamiento de memoria causada por bucles infinitos. Cuando el índice excede el tamaño del array fnd-&gt;nodes, fnd_push() devuelve -EINVAL. La función indx_find() verifica este valor de retorno y detiene el procesamiento, evitando una mayor asignación de memoria."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.1","versionEndExcluding":"5.15.202","matchCriteriaId":"70D6E265-A649-432E-9359-55BB2D1DB7B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*","matchCriteriaId":"40D9C0D1-0F32-4A2B-9840-1072F5497540"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ad7a1be44479503dbe5c699759861ef5b8bd70c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/14c3188afbedfd5178bbabb8002487ea14b37b56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1732053c8a6b360e2d5afb1b34fe9779398b072c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/398e768d1accd1f5645492ab996005d7aa84a5b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/435d34719db0e130f6f0c621d67ed524cc1a7d10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68e32694be231c1cdb99b7637a657314e88e1a96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0ea441f44ce64fa514a415d4a9e6e2b06e7946c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71267","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:15.720","lastModified":"2026-05-21T18:28:40.587","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\nindicates a zero data size while the driver allocates memory for it.\n\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\nto zero, it still allocates memory because of al_aligned(0). This creates an\ninconsistent state where ni->attr_list.size is zero, but ni->attr_list.le is\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\nlist exists and enumerates only the primary MFT record. When it finds\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\nindefinitely. The mount operation never completes, hanging the kernel thread.\n\nThis patch adds validation to ensure that data_size is non-zero before memory\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\n-EINVAL, preventing a DoS vulnerability."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfs: ntfs3: corrige bucle infinito provocado por ATTR_LIST de tamaño cero\n\nSe encontró un error de bucle infinito en el sistema de archivos ntfs3 que puede llevar a una condición de Denegación de Servicio (DoS).\n\nUna imagen NTFS malformada puede causar un bucle infinito cuando un atributo ATTR_LIST indica un tamaño de datos cero mientras el controlador asigna memoria para ello.\n\nCuando ntfs_load_attr_list() procesa un ATTR_LIST residente con data_size establecido en cero, todavía asigna memoria debido a al_aligned(0). Esto crea un estado inconsistente donde ni-&gt;attr_list.size es cero, pero ni-&gt;attr_list.le no es nulo. Esto hace que ni_enum_attr_ex asuma incorrectamente que no existe ninguna lista de atributos y enumere solo el registro MFT primario. Cuando encuentra ATTR_LIST, el código lo recarga y reinicia la enumeración, repitiéndose indefinidamente. La operación de montaje nunca se completa, colgando el hilo del kernel.\n\nEste parche añade validación para asegurar que data_size no sea cero antes de la asignación de memoria. Cuando se detecta un ATTR_LIST de tamaño cero, la función devuelve -EINVAL, previniendo una vulnerabilidad de DoS."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.202","matchCriteriaId":"B0330CE4-09CE-43EF-A9C8-CD49FFD1DC98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23242","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:15.887","lastModified":"2026-05-21T15:43:26.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp->rx_fpdu->more_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[  101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[  101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nRDMA/siw: Soluciona una posible desreferencia de puntero NULL en el procesamiento de encabezados\n\nSi siw_get_hdr() devuelve -EINVAL antes de set_rx_fpdu_context(), qp-&gt;rx_fpdu puede ser NULL. La ruta de error en siw_tcp_rx_data() desreferencia qp-&gt;rx_fpdu-&gt;more_ddp_segs sin verificar, lo que puede llevar a una desreferencia de puntero NULL. Solo verificar more_ddp_segs cuando rx_fpdu está presente.\n\nKASAN splat:\n[ 101.384271] KASAN: desreferencia de puntero nulo en el rango [0x00000000000000c0-0x00000000000000c7]\n[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.1","versionEndExcluding":"5.10.252","matchCriteriaId":"76341382-8280-4624-A6BF-BBFD488EEB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.3:-:*:*:*:*:*:*","matchCriteriaId":"D036D76E-AC69-4382-B4C1-8EDA1ABB2941"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23243","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:16.090","lastModified":"2026-05-21T15:52:23.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nRDMA/umad: Rechazar data_len negativo en ib_umad_write\n\nib_umad_write calcula data_len a partir de un conteo controlado por el usuario y los tamaños de encabezado MAD. Con un tamaño de encabezado MAD de usuario no coincidente y una longitud de encabezado RMPP, data_len puede volverse negativo y alcanzar ib_create_send_mad(). Esto puede hacer que el cálculo de relleno exceda el tamaño del segmento y desencadenar un memset fuera de límites en alloc_send_rmpp_list().\n\nSe añade una verificación explícita para rechazar data_len negativo antes de crear el búfer de envío.\n\nKASAN splat:\n[ 211.363464] ERROR: KASAN: slab-out-of-bounds en ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Escritura de tamaño 220 en la dirección ffff88800c3fa1f8 por la tarea spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24.1","versionEndExcluding":"5.10.252","matchCriteriaId":"2373214A-3D90-42DB-82C4-E1879374793C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*","matchCriteriaId":"6F3E61F3-1CF1-4176-94CD-89A408BCFC96"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23244","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:16.270","lastModified":"2026-05-21T15:55:29.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix memory allocation in nvme_pr_read_keys()\n\nnvme_pr_read_keys() takes num_keys from userspace and uses it to\ncalculate the allocation size for rse via struct_size(). The upper\nlimit is PR_KEYS_MAX (64K).\n\nA malicious or buggy userspace can pass a large num_keys value that\nresults in a 4MB allocation attempt at most, causing a warning in\nthe page allocator when the order exceeds MAX_PAGE_ORDER.\n\nTo fix this, use kvzalloc() instead of kzalloc().\n\nThis bug has the same reasoning and fix with the patch below:\nhttps://lore.kernel.org/linux-block/20251212013510.3576091-1-kartikey406@gmail.com/\n\nWarning log:\nWARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x5aa/0x2300 mm/page_alloc.c:5216, CPU#1: syz-executor117/272\nModules linked in:\nCPU: 1 UID: 0 PID: 272 Comm: syz-executor117 Not tainted 6.19.0 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__alloc_frozen_pages_noprof+0x5aa/0x2300 mm/page_alloc.c:5216\nCode: ff 83 bd a8 fe ff ff 0a 0f 86 69 fb ff ff 0f b6 1d f9 f9 c4 04 80 fb 01 0f 87 3b 76 30 ff 83 e3 01 75 09 c6 05 e4 f9 c4 04 01 <0f> 0b 48 c7 85 70 fe ff ff 00 00 00 00 e9 8f fd ff ff 31 c0 e9 0d\nRSP: 0018:ffffc90000fcf450 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff920001f9ea0\nRDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000040dc0\nRBP: ffffc90000fcf648 R08: ffff88800b6c3380 R09: 0000000000000001\nR10: ffffc90000fcf840 R11: ffff88807ffad280 R12: 0000000000000000\nR13: 0000000000040dc0 R14: 0000000000000001 R15: ffffc90000fcf620\nFS:  0000555565db33c0(0000) GS:ffff8880be26c000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000000c CR3: 0000000003b72000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n alloc_pages_mpol+0x236/0x4d0 mm/mempolicy.c:2486\n alloc_frozen_pages_noprof+0x149/0x180 mm/mempolicy.c:2557\n ___kmalloc_large_node+0x10c/0x140 mm/slub.c:5598\n __kmalloc_large_node_noprof+0x25/0xc0 mm/slub.c:5629\n __do_kmalloc_node mm/slub.c:5645 [inline]\n __kmalloc_noprof+0x483/0x6f0 mm/slub.c:5669\n kmalloc_noprof include/linux/slab.h:961 [inline]\n kzalloc_noprof include/linux/slab.h:1094 [inline]\n nvme_pr_read_keys+0x8f/0x4c0 drivers/nvme/host/pr.c:245\n blkdev_pr_read_keys block/ioctl.c:456 [inline]\n blkdev_common_ioctl+0x1b71/0x29b0 block/ioctl.c:730\n blkdev_ioctl+0x299/0x700 block/ioctl.c:786\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x1bf/0x220 fs/ioctl.c:583\n x64_sys_call+0x1280/0x21b0 mnt/fuzznvme_1/fuzznvme/linux-build/v6.19/./arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x71/0x330 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fb893d3108d\nCode: 28 c3 e8 46 1e 00 00 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffff61f2f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff61f3138 RCX: 00007fb893d3108d\nRDX: 0000000020000040 RSI: 00000000c01070ce RDI: 0000000000000003\nRBP: 0000000000000001 R08: 0000000000000000 R09: 00007ffff61f3138\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007ffff61f3128 R14: 00007fb893dae530 R15: 0000000000000001\n </TASK>"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnvme: corregir la asignación de memoria en nvme_pr_read_keys()\n\nnvme_pr_read_keys() toma num_keys del espacio de usuario y lo usa para calcular el tamaño de asignación para rse a través de struct_size(). El límite superior es PR_KEYS_MAX (64K).\n\nUn espacio de usuario malicioso o con errores puede pasar un valor grande de num_keys que resulta en un intento de asignación de 4MB como máximo, causando una advertencia en el asignador de páginas cuando el orden excede MAX_PAGE_ORDER.\n\nPara corregir esto, use kvzalloc() en lugar de kzalloc().\n\nEste error tiene el mismo razonamiento y corrección con el parche a continuación:\nhttps://lore.kernel.org/linux-block/20251212013510.3576091-1-kartikey406@gmail.com/\n\nRegistro de advertencia:\nADVERTENCIA: mm/page_alloc.c:5216 en __alloc_frozen_pages_noprof+0x5aa/0x2300 mm/page_alloc.c:5216, CPU#1: syz-executor117/272\nMódulos enlazados:\nCPU: 1 UID: 0 PID: 272 Comm: syz-executor117 No contaminado 6.19.0 #1 PREEMPT(voluntario)\nNombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__alloc_frozen_pages_noprof+0x5aa/0x2300 mm/page_alloc.c:5216\nCódigo: ff 83 bd a8 fe ff ff 0a 0f 86 69 fb ff ff 0f b6 1d f9 f9 c4 04 80 fb 01 0f 87 3b 76 30 ff 83 e3 01 75 09 c6 05 e4 f9 c4 04 01 &lt;0f&gt; 0b 48 c7 85 70 fe ff ff 00 00 00 00 e9 8f fd ff ff 31 c0 e9 0d\nRSP: 0018:ffffc90000fcf450 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff920001f9ea0\nRDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000040dc0\nRBP: ffffc90000fcf648 R08: ffff88800b6c3380 R09: 0000000000000001\nR10: ffffc90000fcf840 R11: ffff88807ffad280 R12: 0000000000000000\nR13: 0000000000040dc0 R14: 0000000000000001 R15: ffffc90000fcf620\nFS: 0000555565db33c0(0000) GS:ffff8880be26c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000000c CR3: 0000000003b72000 CR4: 00000000000006f0\nRastro de llamadas:\n \n alloc_pages_mpol+0x236/0x4d0 mm/mempolicy.c:2486\n alloc_frozen_pages_noprof+0x149/0x180 mm/mempolicy.c:2557\n ___kmalloc_large_node+0x10c/0x140 mm/slub.c:5598\n __kmalloc_large_node_noprof+0x25/0xc0 mm/slub.c:5629\n __do_kmalloc_node mm/slub.c:5645 [inline]\n __kmalloc_noprof+0x483/0x6f0 mm/slub.c:5669\n kmalloc_noprof include/linux/slab.h:961 [inline]\n kzalloc_noprof include/linux/slab.h:1094 [inline]\n nvme_pr_read_keys+0x8f/0x4c0 drivers/nvme/host/pr.c:245\n blkdev_pr_read_keys block/ioctl.c:456 [inline]\n blkdev_common_ioctl+0x1b71/0x29b0 block/ioctl.c:730\n blkdev_ioctl+0x299/0x700 block/ioctl.c:786\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x1bf/0x220 fs/ioctl.c:583\n x64_sys_call+0x1280/0x21b0 mnt/fuzznvme_1/fuzznvme/linux-build/v6.19/./arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x71/0x330 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fb893d3108d\nCódigo: 28 c3 e8 46 1e 00 00 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffff61f2f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff61f3138 RCX: 00007fb893d3108d\nRDX: 0000000020000040 RSI: 00000000c01070ce RDI: 0000000000000003\nRBP: 0000000000000001 R08: 0000000000000000 R09: 00007ffff61f3138\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007ffff61f3128 R14: 00007fb893dae530 R15: 0000000000000001\n "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.1","versionEndExcluding":"6.6.130","matchCriteriaId":"32772849-BF02-4208-99C1-068667D43F23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:*","matchCriteriaId":"A2D9420A-9BF4-4C16-B6DA-8A1D279F7384"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/15fb6d627484ee39ed73e202ef4720e1fa5c898e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a501379a010690ae9ae88bef62a1bae1aca32e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/baef52d80093bd686e70b3cb7e0512a40ae76705","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3320153769f05fd7fe9d840cb555dd3080ae424","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e42ff5abbd14927553b624c0e06d24df76156fe6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23245","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:16.437","lastModified":"2026-05-21T18:47:30.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_gate: snapshot parameters with RCU on replace\n\nThe gate action can be replaced while the hrtimer callback or dump path is\nwalking the schedule list.\n\nConvert the parameters to an RCU-protected snapshot and swap updates under\ntcf_lock, freeing the previous snapshot via call_rcu(). When REPLACE omits\nthe entry list, preserve the existing schedule so the effective state is\nunchanged."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet/sched: act_gate: instantánea de parámetros con RCU al reemplazar\n\nLa acción de puerta puede ser reemplazada mientras la devolución de llamada de hrtimer o la ruta de volcado está recorriendo la lista de programación.\n\nConvertir los parámetros a una instantánea protegida por RCU e intercambiar actualizaciones bajo tcf_lock, liberando la instantánea anterior mediante call_rcu(). Cuando REPLACE omite la lista de entradas, preservar la programación existente para que el estado efectivo permanezca inalterado."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.1","versionEndExcluding":"5.10.253","matchCriteriaId":"322D472B-4DA0-4679-9950-28C0EBB5BBA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.167","matchCriteriaId":"56D62904-7C85-4BED-9EC0-3982B880F72D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.18","matchCriteriaId":"346AD1FB-0CE8-4D9D-8E56-5EB1A4D06199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.8","matchCriteriaId":"C65A7D85-C7C6-485E-AC35-66A374C73FAC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.8:-:*:*:*:*:*:*","matchCriteriaId":"0E2DC66F-4A95-475F-B8B6-191DEC1E7EF6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/035d0d09d5ab3ed3e93d18cde2b562a6719eea23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/04d75529dc0f9be78786162ebab7424af4644df2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/58b162e318d0243ad2d7d92456c0873f2494c351","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/62413a9c3cb183afb9bb6e94dd68caf4e4145f4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b1251bbf0f10ac745ed74bad4d3b433caa1eeae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dfc314d7c767e350f78a46a8f8b134f80e8ad432","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc98fd8d214693be91253d9a88cdf8e5e143d124","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23247","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:16.723","lastModified":"2026-05-21T17:35:59.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ntcp: secure_seq: añadir de nuevo puertos al desplazamiento TS\n\nEsto revierte 28ee1b746f49 ('secure_seq: degradar a desplazamientos de marca de tiempo por host')\n\ntcp_tw_recycle desapareció en 2017.\n\nZhouyan Deng informó de una fuga de puerto de origen TCP fuera de ruta a través de un canal lateral de SYN cookie que se puede solucionar de múltiples maneras.\n\nUna de ellas es traer de vuelta los puertos TCP en la aleatorización del desplazamiento TS.\n\nComo ventaja adicional, realizamos un único cálculo de siphash() para proporcionar tanto un ISN como un desplazamiento TS."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartExcluding":"4.11","versionEndExcluding":"6.18.17","matchCriteriaId":"93C0B2B1-66EF-41A6-8FCE-4ED37AB02E2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10.14:*:*:*:*:*:*:*","matchCriteriaId":"C30F9041-D8C3-4F81-B9F1-08BA07D0AE00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.11:-:*:*:*:*:*:*","matchCriteriaId":"623D643F-123E-4D3E-8CBF-16BF845D734B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*","matchCriteriaId":"D67BFFD0-1A52-4F5D-98DB-D94B58FD8D30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*","matchCriteriaId":"7D996F38-22AC-4059-84FC-F7D69CE0CB9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.11:rc8:*:*:*:*:*:*","matchCriteriaId":"97EFF4F7-E5F9-4FAA-AD58-94A24501AD59"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23248","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:16.863","lastModified":"2026-05-21T18:45:54.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix refcount bug and potential UAF in perf_mmap\n\nSyzkaller reported a refcount_t: addition on 0; use-after-free warning\nin perf_mmap.\n\nThe issue is caused by a race condition between a failing mmap() setup\nand a concurrent mmap() on a dependent event (e.g., using output\nredirection).\n\nIn perf_mmap(), the ring_buffer (rb) is allocated and assigned to\nevent->rb with the mmap_mutex held. The mutex is then released to\nperform map_range().\n\nIf map_range() fails, perf_mmap_close() is called to clean up.\nHowever, since the mutex was dropped, another thread attaching to\nthis event (via inherited events or output redirection) can acquire\nthe mutex, observe the valid event->rb pointer, and attempt to\nincrement its reference count. If the cleanup path has already\ndropped the reference count to zero, this results in a\nuse-after-free or refcount saturation warning.\n\nFix this by extending the scope of mmap_mutex to cover the\nmap_range() call. This ensures that the ring buffer initialization\nand mapping (or cleanup on failure) happens atomically effectively,\npreventing other threads from accessing a half-initialized or\ndying ring buffer."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nperf/core: Corrección de error de conteo de referencias y potencial UAF en perf_mmap\n\nSyzkaller informó una advertencia de refcount_t: adición en 0; uso después de liberación en perf_mmap.\n\nEl problema es causado por una condición de carrera entre una configuración de mmap() fallida y un mmap() concurrente en un evento dependiente (por ejemplo, usando redirección de salida).\n\nEn perf_mmap(), el ring_buffer (rb) se asigna y se establece en event-&gt;rb con el mmap_mutex retenido. El mutex es entonces liberado para realizar map_range().\n\nSi map_range() falla, se llama a perf_mmap_close() para limpiar. Sin embargo, dado que el mutex fue liberado, otro hilo que se adjunta a este evento (a través de eventos heredados o redirección de salida) puede adquirir el mutex, observar el puntero event-&gt;rb válido e intentar incrementar su conteo de referencias. Si la ruta de limpieza ya ha reducido el conteo de referencias a cero, esto resulta en un uso después de liberación o una advertencia de saturación de conteo de referencias.\n\nEsto se corrige al extender el alcance de mmap_mutex para cubrir la llamada a map_range(). Esto asegura que la inicialización y el mapeo del búfer de anillo (o la limpieza en caso de fallo) ocurra de manera atómica y efectiva, evitando que otros hilos accedan a un búfer de anillo medio inicializado o en proceso de terminación."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.17","matchCriteriaId":"E367EC2E-72DB-4555-9BE2-A5B9C97AD4E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/77de62ad3de3967818c3dbe656b7336ebee461d2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac7ecb65af170a7fc193e7bd8be15dac84ec6a56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c27dea9f50ed525facb62ef647dddc4722456e07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71268","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:21.960","lastModified":"2026-05-21T18:39:30.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbtrfs: corrige una fuga de reserva en algunas rutas de error al insertar una extensión en línea\n\nSi no logramos asignar una ruta o unirnos a una transacción, regresamos de __cow_file_range_inline() sin liberar los datos de qgroup reservados, lo que resulta en una fuga. Soluciona esto asegurando que llamamos a btrfs_qgroup_free_data() en tales casos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.1.163","matchCriteriaId":"C030C978-094A-4182-8316-23BD86BEAF8A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.124","matchCriteriaId":"76183B9F-CABE-4E21-A3E3-F0EBF99DC3C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.70","matchCriteriaId":"F3791390-0628-4808-99EF-1ED8ABF60933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28768bd3abf9995a93f6e01bfce01c60622964dd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/28b97fcbbf523779688e8de5fe55bf2dae3859f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1c050f92d8f6aac4e17f7f2230160794fceef0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f3ee1732851aec6fe6b2cec2ef1b32d4e71d9913","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7156512c8166d385f574b9ec030479aa7b1e8c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71269","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:22.110","lastModified":"2026-05-21T18:38:20.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is <= 0)."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbtrfs: no liberar la reserva de datos en la alternativa de inline debido a -ENOSPC\n\nSi fallamos al crear una extensión inline debido a -ENOSPC, intentaremos seguir la ruta COW normal, reservar una extensión, crear una extensión ordenada, etc. Sin embargo, siempre estábamos liberando los datos qgroup reservados, lo cual es incorrecto ya que usaremos los datos. Corregir esto liberando los datos qgroup reservados en __cow_file_range_inline() solo si no estamos realizando la alternativa (ret es &lt;= 0)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.1.168","matchCriteriaId":"726D44CE-6870-4BF2-BF2A-36922E925B14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a1fbbd780f04d1b6cf48dd327c866ba937de1c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3a9fd45afadec1fbfec72057b9473d509fa8b68c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3edd1f6c7c520536b62b2904807033597554dbac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6de3a371a8b9fd095198b1aa68c22cc10a4c6961","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8da41de0bff9eb1d774a7253da0c9f637c4470a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71270","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:22.230","lastModified":"2026-05-21T18:36:19.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Enable exception fixup for specific ADE subcode\n\nThis patch allows the LoongArch BPF JIT to handle recoverable memory\naccess errors generated by BPF_PROBE_MEM* instructions.\n\nWhen a BPF program performs memory access operations, the instructions\nit executes may trigger ADEM exceptions. The kernel’s built-in BPF\nexception table mechanism (EX_TYPE_BPF) will generate corresponding\nexception fixup entries in the JIT compilation phase; however, the\narchitecture-specific trap handling function needs to proactively call\nthe common fixup routine to achieve exception recovery.\n\ndo_ade(): fix EX_TYPE_BPF memory access exceptions for BPF programs,\nensure safe execution.\n\nRelevant test cases: illegal address access tests in module_attach and\nsubprogs_extable of selftests/bpf."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nLoongArch: Habilitar la corrección de excepciones para un subcódigo ADE específico\n\nEste parche permite al JIT BPF de LoongArch manejar errores de acceso a memoria recuperables generados por instrucciones BPF_PROBE_MEM*.\n\nCuando un programa BPF realiza operaciones de acceso a memoria, las instrucciones que ejecuta pueden desencadenar excepciones ADEM. El mecanismo de tabla de excepciones BPF integrado del kernel (EX_TYPE_BPF) generará entradas de corrección de excepciones correspondientes en la fase de compilación JIT; sin embargo, la función de manejo de trampas específica de la arquitectura necesita llamar proactivamente a la rutina de corrección común para lograr la recuperación de la excepción.\n\ndo_ade(): corrige las excepciones de acceso a memoria EX_TYPE_BPF para programas BPF, asegura la ejecución segura.\n\nCasos de prueba relevantes: pruebas de acceso a direcciones ilegales en module_attach y subprogs_extable de selftests/bpf."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.124","matchCriteriaId":"76183B9F-CABE-4E21-A3E3-F0EBF99DC3C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.70","matchCriteriaId":"F3791390-0628-4808-99EF-1ED8ABF60933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/73ede654d9daa2ee41bdd17bc62946fc5a0258cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bdc1ab5e4ce6f066119018d8f69631a46f9c5a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2ed4f71e9288f21d5c53ff790270758e60fa5f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c49a28068363f3dca439aa5fe4d3b1f8159809fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23249","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:22.787","lastModified":"2026-05-21T18:34:07.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: check for deleted cursors when revalidating two btrees\n\nThe free space and inode btree repair functions will rebuild both btrees\nat the same time, after which it needs to evaluate both btrees to\nconfirm that the corruptions are gone.\n\nHowever, Jiaming Zhang ran syzbot and produced a crash in the second\nxchk_allocbt call.  His root-cause analysis is as follows (with minor\ncorrections):\n\n In xrep_revalidate_allocbt(), xchk_allocbt() is called twice (first\n for BNOBT, second for CNTBT). The cause of this issue is that the\n first call nullified the cursor required by the second call.\n\n Let's first enter xrep_revalidate_allocbt() via following call chain:\n\n xfs_file_ioctl() ->\n xfs_ioc_scrubv_metadata() ->\n xfs_scrub_metadata() ->\n `sc->ops->repair_eval(sc)` ->\n xrep_revalidate_allocbt()\n\n xchk_allocbt() is called twice in this function. In the first call:\n\n /* Note that sc->sm->sm_type is XFS_SCRUB_TYPE_BNOPT now */\n xchk_allocbt() ->\n xchk_btree() ->\n `bs->scrub_rec(bs, recp)` ->\n xchk_allocbt_rec() ->\n xchk_allocbt_xref() ->\n xchk_allocbt_xref_other()\n\n since sm_type is XFS_SCRUB_TYPE_BNOBT, pur is set to &sc->sa.cnt_cur.\n Kernel called xfs_alloc_get_rec() and returned -EFSCORRUPTED. Call\n chain:\n\n xfs_alloc_get_rec() ->\n xfs_btree_get_rec() ->\n xfs_btree_check_block() ->\n (XFS_IS_CORRUPT || XFS_TEST_ERROR), the former is false and the latter\n is true, return -EFSCORRUPTED. This should be caused by\n ioctl$XFS_IOC_ERROR_INJECTION I guess.\n\n Back to xchk_allocbt_xref_other(), after receiving -EFSCORRUPTED from\n xfs_alloc_get_rec(), kernel called xchk_should_check_xref(). In this\n function, *curpp (points to sc->sa.cnt_cur) is nullified.\n\n Back to xrep_revalidate_allocbt(), since sc->sa.cnt_cur has been\n nullified, it then triggered null-ptr-deref via xchk_allocbt() (second\n call) -> xchk_btree().\n\nSo.  The bnobt revalidation failed on a cross-reference attempt, so we\ndeleted the cntbt cursor, and then crashed when we tried to revalidate\nthe cntbt.  Therefore, check for a null cntbt cursor before that\nrevalidation, and mark the repair incomplete.  Also we can ignore the\nsecond tree entirely if the first tree was rebuilt but is already\ncorrupt.\n\nApply the same fix to xrep_revalidate_iallocbt because it has the same\nproblem."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nxfs: verificar cursores eliminados al revalidar dos btrees\n\nLas funciones de reparación de btree de espacio libre e inodo reconstruirán ambos btrees al mismo tiempo, después de lo cual necesita evaluar ambos btrees para confirmar que las corrupciones han desaparecido.\n\nSin embargo, Jiaming Zhang ejecutó syzbot y produjo un fallo en la segunda llamada a xchk_allocbt. Su análisis de causa raíz es el siguiente (con correcciones menores):\n\nEn xrep_revalidate_allocbt(), se llama a xchk_allocbt() dos veces (primero para BNOBT, segundo para CNTBT). La causa de este problema es que la primera llamada anuló el cursor requerido por la segunda llamada.\n\nPrimero entremos en xrep_revalidate_allocbt() a través de la siguiente cadena de llamadas:\n\nxfs_file_ioctl() -&gt;\nxfs_ioc_scrubv_metadata() -&gt;\nxfs_scrub_metadata() -&gt;\n'sc-&gt;ops-&gt;repair_eval(sc)' -&gt;\nxrep_revalidate_allocbt()\n\nSe llama a xchk_allocbt() dos veces en esta función. En la primera llamada:\n\n/* Tenga en cuenta que sc-&gt;sm-&gt;sm_type es XFS_SCRUB_TYPE_BNOPT ahora */\nxchk_allocbt() -&gt;\nxchk_btree() -&gt;\n'bs-&gt;scrub_rec(bs, recp)' -&gt;\nxchk_allocbt_rec() -&gt;\nxchk_allocbt_xref() -&gt;\nxchk_allocbt_xref_other()\n\ndado que sm_type es XFS_SCRUB_TYPE_BNOBT, pur se establece en &amp;sc-&gt;sa.cnt_cur. El kernel llamó a xfs_alloc_get_rec() y devolvió -EFSCORRUPTED. Cadena de llamadas:\n\nxfs_alloc_get_rec() -&gt;\nxfs_btree_get_rec() -&gt;\nxfs_btree_check_block() -&gt;\n(XFS_IS_CORRUPT || XFS_TEST_ERROR), el primero es falso y el segundo es verdadero, devuelve -EFSCORRUPTED. Esto debería ser causado por ioctl$XFS_IOC_ERROR_INJECTION, supongo.\n\nVolviendo a xchk_allocbt_xref_other(), después de recibir -EFSCORRUPTED de xfs_alloc_get_rec(), el kernel llamó a xchk_should_check_xref(). En esta función, *curpp (que apunta a sc-&gt;sa.cnt_cur) es anulado.\n\nVolviendo a xrep_revalidate_allocbt(), dado que sc-&gt;sa.cnt_cur ha sido anulado, entonces activó una desreferencia de puntero nulo a través de xchk_allocbt() (segunda llamada) -&gt; xchk_btree().\n\nAsí que. La revalidación de bnobt falló en un intento de referencia cruzada, por lo que eliminamos el cursor cntbt, y luego fallamos cuando intentamos revalidar el cntbt. Por lo tanto, verifique si hay un cursor cntbt nulo antes de esa revalidación, y marque la reparación como incompleta. También podemos ignorar el segundo árbol por completo si el primer árbol fue reconstruido pero ya está corrupto.\n\nAplique la misma corrección a xrep_revalidate_iallocbt porque tiene el mismo problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.75","matchCriteriaId":"4A94C3E7-EF78-4AF2-8160-DDF77E97D5EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/55e03b8cbe2783ec9acfb88e8adb946ed504e117","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5991e96f2ae82df60a3e4ed00f3432d9f3502a99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b04baa848c0543b240b1bd8aecff470382f6f154","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d69de525bc7ab27713342080bf50826df3f6a68f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23250","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:22.950","lastModified":"2026-05-21T18:32:11.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: check return value of xchk_scrub_create_subord\n\nFix this function to return NULL instead of a mangled ENOMEM, then fix\nthe callers to actually check for a null pointer and return ENOMEM.\nMost of the corrections here are for code merged between 6.2 and 6.10."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nxfs: comprobar el valor de retorno de xchk_scrub_create_subord\n\nCorregir esta función para que devuelva NULL en lugar de un ENOMEM corrupto, luego corregir a los llamadores para que realmente comprueben si hay un puntero nulo y devuelvan ENOMEM. La mayoría de las correcciones aquí son para código fusionado entre 6.2 y 6.10."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.75","matchCriteriaId":"CB67FC73-CF7B-41DB-A5A5-423C53BE93EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b658d1249666cc55af9484dcf5f45ca438d4ecc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2df809edd8cb7d1c3e19d9f6aabc2bd55d2bfb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca27313fb3f23e4ac18532ede4ec1c7cc5814c4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6f3f7d4dd8a179394cef03c00993d57f5f68601","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23251","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.090","lastModified":"2026-05-21T18:30:19.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: only call xf{array,blob}_destroy if we have a valid pointer\n\nOnly call the xfarray and xfblob destructor if we have a valid pointer,\nand be sure to null out that pointer afterwards.  Note that this patch\nfixes a large number of commits, most of which were merged between 6.9\nand 6.10."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nxfs: solo llamar a xf{array,blob}_destroy si tenemos un puntero válido\n\nSolo llamar al destructor xfarray y xfblob si tenemos un puntero válido, y asegurarse de anular ese puntero después. Tenga en cuenta que este parche soluciona un gran número de commits, la mayoría de los cuales fueron fusionados entre 6.9 y 6.10."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.75","matchCriteriaId":"CB67FC73-CF7B-41DB-A5A5-423C53BE93EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5de5be3ed7e7fa4ebde4f4b58fb9a629644f9202","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba408d299a3bb3c5309f40c5326e4fb83ead4247","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9ccefacae0d8091683447bc338bd7741417039d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d827612c81a26cc1dd83a211cfcb5ad8765da0c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-1519","sourceIdentifier":"security-officer@isc.org","published":"2026-03-25T14:16:33.110","lastModified":"2026-05-21T15:24:01.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1."},{"lang":"es","value":"Si un resolvedor BIND está realizando validación DNSSEC y encuentra una zona creada maliciosamente, el resolvedor puede consumir CPU excesiva. Los servidores solo autoritativos generalmente no se ven afectados, aunque hay circunstancias en las que los servidores autoritativos pueden realizar consultas recursivas (ver: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nEste problema afecta a las versiones de BIND 9 9.11.0 a 9.16.50, 9.18.0 a 9.18.46, 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, 9.11.3-S1 a 9.16.50-S1, 9.18.11-S1 a 9.18.46-S1, y 9.20.9-S1 a 9.20.20-S1."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-606"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.11.0","versionEndIncluding":"9.16.50","matchCriteriaId":"9EC5B9B1-25F2-48CA-9E8A-59D8E81D408A"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.18.0","versionEndExcluding":"9.18.47","matchCriteriaId":"4DC8EC77-8200-45EC-B006-73E48A67A1B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.21","matchCriteriaId":"2C0EF5D0-68A6-4E00-985B-523D9B243E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.20","matchCriteriaId":"B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.18.47","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.21","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.20","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-1519","source":"security-officer@isc.org","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-3104","sourceIdentifier":"security-officer@isc.org","published":"2026-03-25T14:16:36.890","lastModified":"2026-05-21T15:26:06.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."},{"lang":"es","value":"Un dominio especialmente diseñado puede usarse para causar una fuga de memoria en un resolvedor BIND simplemente al consultar este dominio.\nEste problema afecta a las versiones de BIND 9 desde la 9.20.0 hasta la 9.20.20, desde la 9.21.0 hasta la 9.21.19, y desde la 9.20.9-S1 hasta la 9.20.20-S1.\nLas versiones de BIND 9 desde la 9.18.0 hasta la 9.18.46 y desde la 9.18.11-S1 hasta la 9.18.46-S1 NO se ven afectadas."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-772"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.21","matchCriteriaId":"2C0EF5D0-68A6-4E00-985B-523D9B243E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.20","matchCriteriaId":"B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.20.21","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.20","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-3104","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3119","sourceIdentifier":"security-officer@isc.org","published":"2026-03-25T14:16:37.097","lastModified":"2026-05-21T15:24:39.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."},{"lang":"es","value":"Bajo ciertas condiciones, 'named' puede colapsar al procesar una consulta correctamente firmada que contiene un registro TKEY. El código afectado solo se puede acceder si una solicitud entrante tiene una firma de transacción (TSIG) válida de una clave declarada en la configuración de 'named'.\nEste problema afecta a las versiones de BIND 9 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, y 9.20.9-S1 a 9.20.20-S1.\nLas versiones de BIND 9 9.18.0 a 9.18.46 y 9.18.11-S1 a 9.18.46-S1 NO están afectadas."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.21","matchCriteriaId":"2C0EF5D0-68A6-4E00-985B-523D9B243E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.20","matchCriteriaId":"B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.20.21","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.20","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-3119","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3591","sourceIdentifier":"security-officer@isc.org","published":"2026-03-25T14:16:37.297","lastModified":"2026-05-21T15:24:36.363","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."},{"lang":"es","value":"Una vulnerabilidad de use-after-return existe en el servidor 'named' al manejar consultas DNS firmadas con SIG(0). Usando una solicitud DNS especialmente diseñada, un atacante podría ser capaz de hacer que una ACL haga una coincidencia incorrecta con una dirección IP. En una ACL de permiso predeterminado (negando solo direcciones IP específicas), esto podría llevar a acceso no autorizado. Las ACL de denegación predeterminada deberían fallar de forma segura.\nEste problema afecta a las versiones de BIND 9 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, y 9.20.9-S1 a 9.20.20-S1.\nLas versiones de BIND 9 9.18.0 a 9.18.46 y 9.18.11-S1 a 9.18.46-S1 NO están afectadas."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-305"},{"lang":"en","value":"CWE-562"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.21","matchCriteriaId":"2C0EF5D0-68A6-4E00-985B-523D9B243E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.20","matchCriteriaId":"B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.20.21","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.20","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-3591","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33815","sourceIdentifier":"security@golang.org","published":"2026-04-07T16:16:24.813","lastModified":"2026-05-21T19:58:03.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory-safety vulnerability in github.com/jackc/pgx/v5."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgx:*:*:*:*:*:go:*:*","matchCriteriaId":"81D42EBE-044D-46BF-B4CB-F3A92CF837C7"}]}]}],"references":[{"url":"https://pkg.go.dev/vuln/GO-2026-4771","source":"security@golang.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-33816","sourceIdentifier":"security@golang.org","published":"2026-04-07T16:16:24.920","lastModified":"2026-05-21T19:58:43.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory-safety vulnerability in github.com/jackc/pgx/v5."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgx:*:*:*:*:*:go:*:*","versionEndExcluding":"5.9.0","matchCriteriaId":"AA69804B-B8E3-4C7D-AD5D-3CB7616C6E4B"}]}]}],"references":[{"url":"https://pkg.go.dev/vuln/GO-2026-4772","source":"security@golang.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-62718","sourceIdentifier":"security-advisories@github.com","published":"2026-04-09T15:16:08.650","lastModified":"2026-05-21T20:38:54.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.3}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-441"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.31.0","matchCriteriaId":"E420AFD0-4C1B-4C44-A578-D6B90BF40F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.15.0","matchCriteriaId":"E0DF6CEE-CC97-4C5F-A81B-6F1A6D77D4CC"}]}]}],"references":[{"url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/pull/10661","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/axios/axios/pull/10688","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/axios/axios/releases/tag/v0.31.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/axios/axios/releases/tag/v1.15.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40180","sourceIdentifier":"security-advisories@github.com","published":"2026-04-10T20:16:23.260","lastModified":"2026-05-21T19:09:58.943","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip() method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is constructed as new File(toOutputDir, entry.getName()) and the content is written immediately. A malicious ZIP archive containing entries with path traversal sequences (e.g., ../../malicious.java) would write files outside the target directory. This vulnerability is fixed in 2.16.0 and 2.15.0-lts."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quarkiverse:quarkus_openapi_generator:*:*:*:*:*:*:*:*","versionEndExcluding":"2.15.0","matchCriteriaId":"E2C5131E-CD16-4C82-9C0A-D550F0860575"},{"vulnerable":true,"criteria":"cpe:2.3:a:quarkiverse:quarkus_openapi_generator:2.15.0:*:*:*:-:*:*:*","matchCriteriaId":"4E2B1037-3246-411E-BCF7-E800A6E3DDDD"}]}]}],"references":[{"url":"https://github.com/quarkiverse/quarkus-openapi-generator/commit/08b406414ff30ed192e86c7fa924e57565534ff0","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/quarkiverse/quarkus-openapi-generator/commit/e2a9c629a3df719abc74569a3795c265fd0e1239","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/quarkiverse/quarkus-openapi-generator/security/advisories/GHSA-jx2w-vp7f-456q","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/quarkiverse/quarkus-openapi-generator/security/advisories/GHSA-jx2w-vp7f-456q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-32146","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-04-11T14:16:03.640","lastModified":"2026-05-21T20:14:02.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download.\n\nDependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement to the intended dependency directory, allowing attacker-controlled paths (via relative traversal such as ../ or absolute paths) to target filesystem locations outside that directory. When resolving git dependencies (e.g. via gleam deps download), the computed path is used for filesystem operations including directory deletion and creation.\n\nThis vulnerability occurs during the dependency resolution and download phase, which is generally expected to be limited to fetching and preparing dependencies within a confined directory. A malicious direct or transitive git dependency can exploit this issue to delete and overwrite arbitrary directories outside the intended dependency directory, including attacker-chosen absolute paths, potentially causing data loss. In some environments, this may be further leveraged to achieve code execution, for example by overwriting git hooks or shell configuration files.\n\nThis issue affects Gleam from 1.9.0-rc1 until 1.15.4."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lpil:gleam:*:*:*:*:*:*:*:*","versionStartIncluding":"1.9.0","versionEndExcluding":"1.15.4","matchCriteriaId":"A37C4AF3-5B64-4A93-A706-52183AA2EC32"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-32146.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/gleam-lang/gleam/commit/1aa5d8e594b0aa240bb213fce6ee19c65e6d5bcf","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/gleam-lang/gleam/commit/2dc0467f822c75de94697a912755d172928ee40a","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/gleam-lang/gleam/security/advisories/GHSA-vq5j-55vx-wq8j","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Exploit","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-32146","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-6192","sourceIdentifier":"cna@vuldb.com","published":"2026-04-13T17:16:32.333","lastModified":"2026-05-21T16:16:23.427","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-189"},{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://github.com/uclouvain/openjpeg/","source":"cna@vuldb.com"},{"url":"https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951","source":"cna@vuldb.com"},{"url":"https://github.com/uclouvain/openjpeg/issues/1619","source":"cna@vuldb.com"},{"url":"https://github.com/uclouvain/openjpeg/pull/1628","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797385","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/357114","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/357114/cti","source":"cna@vuldb.com"},{"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40316","sourceIdentifier":"security-advisories@github.com","published":"2026-04-15T23:16:10.220","lastModified":"2026-05-21T19:25:30.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-95"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owasp:owasp_blt:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1","matchCriteriaId":"C9D716C3-AC30-4AD0-8BA8-AEBEF29A1980"}]}]}],"references":[{"url":"https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41035","sourceIdentifier":"cve@mitre.org","published":"2026-04-16T07:16:31.003","lastModified":"2026-05-21T19:23:51.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-130"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndIncluding":"3.4.1","matchCriteriaId":"8D9FD7C2-4EA5-4FB6-9B03-CBEF95B5DB20"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/issues/871","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/RsyncProject/rsync/releases","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://www.openwall.com/lists/oss-security/2026/04/16/2","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/16/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-27820","sourceIdentifier":"security-advisories@github.com","published":"2026-04-16T18:16:44.770","lastModified":"2026-05-21T19:31:19.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:zlib:*:*:*:*:*:ruby:*:*","versionEndExcluding":"3.0.1","matchCriteriaId":"5DE8B341-809F-4E90-AA03-28B264F35B52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:zlib:*:*:*:*:*:ruby:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.2","matchCriteriaId":"C9B291C1-492A-4684-BE65-36D10D28679F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:zlib:*:*:*:*:*:ruby:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.3","matchCriteriaId":"CD9F2E4A-7F44-43CD-8745-28BC10E5FA04"}]}]}],"references":[{"url":"https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3467067","source":"security-advisories@github.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-40476","sourceIdentifier":"security-advisories@github.com","published":"2026-04-17T22:16:33.360","lastModified":"2026-05-21T18:15:59.453","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU usage during validation before execution begins. This is not mitigated by existing QueryDepth or QueryComplexity rules. This issue has been fixed in version 15.31.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webonyx:graphql-php:*:*:*:*:*:*:*:*","versionEndExcluding":"15.31.5","matchCriteriaId":"DC1E7082-20B8-4812-A566-41D14B1B8B8D"}]}]}],"references":[{"url":"https://github.com/webonyx/graphql-php/releases/tag/v15.31.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/webonyx/graphql-php/security/advisories/GHSA-68jq-c3rv-pcrr","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31430","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-20T10:16:16.877","lastModified":"2026-05-21T15:28:28.623","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nX.509: Fix out-of-bounds access when parsing extensions\n\nLeo reports an out-of-bounds access when parsing a certificate with\nempty Basic Constraints or Key Usage extension because the first byte of\nthe extension is read before checking its length.  Fix it.\n\nThe bug can be triggered by an unprivileged user by submitting a\nspecially crafted certificate to the kernel through the keyrings(7) API.\nLeo has demonstrated this with a proof-of-concept program responsibly\ndisclosed off-list."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.135","matchCriteriaId":"B8EE38E0-A75D-4307-AD02-DBBED5059B12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.82","matchCriteriaId":"02904CAE-71D2-45B3-9EC3-F6A9D18B6307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.23","matchCriteriaId":"E9E09FDD-9EE3-4A56-92E2-2B30AFD0072F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.13","matchCriteriaId":"1490EF9B-9080-481C-8D22-1306AAE664E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/206121294b9cf27f0589857f80d64f87e496ffb2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30ab358fad0c7daa1d282ec48089901b21b36a20","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/672b526def1f94c1be8eb11b885b803da0d8c2f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7fb4dadc2734f4020d7543d688b8d49c8e569c61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d702c3408213bb12bd570bb97204d8340d141c51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-32147","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-04-21T12:15:58.800","lastModified":"2026-05-21T17:37:07.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory.\n\nThe SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When SSH_FXP_FSETSTAT is issued on such a handle, file attributes (permissions, ownership, timestamps) are modified on the real filesystem path, bypassing the root directory boundary entirely.\n\nAny authenticated SFTP user on a server configured with the root option can modify file attributes of files outside the intended chroot boundary. The prerequisite is that a target file must exist on the real filesystem at the same relative path. Note that this vulnerability only allows modification of file attributes; file contents cannot be read or altered through this attack vector.\n\nIf the SSH daemon runs as root, this enables direct privilege escalation: an attacker can set the setuid bit on any binary, change ownership of sensitive files, or make system configuration world-writable.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:do_open/4 and ssh_sftpd:handle_op/4.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.3, 27.3.4.11, and 26.2.5.20 corresponding to ssh from 3.01 until 5.5.3, 5.2.11.7, and 5.1.4.15."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"26.2.5.20","matchCriteriaId":"E37C60D4-5ECE-43AF-B778-AF1BA602B5F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0","versionEndExcluding":"27.3.4.11","matchCriteriaId":"53AEBB75-1DCB-4B04-9FA5-2821679CFD52"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.4.3","matchCriteriaId":"D216AF1C-362E-4C48-B34E-64278BFBC676"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"5.1.4.15","matchCriteriaId":"AEAA2DA5-E7F4-4C25-AABC-6DEDD0984AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.2.11.7","matchCriteriaId":"55BBE15D-87F3-4922-AEB8-8A2CAFF0EA6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.5.2","matchCriteriaId":"964AE32A-19EB-4873-B4E1-E78B2DF3C628"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-32147.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-32147","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-41144","sourceIdentifier":"security-advisories@github.com","published":"2026-04-22T00:16:29.550","lastModified":"2026-05-21T18:17:35.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitization on the destination file path. Combined, these allow writing arbitrary data to any file at any offset. The impact is arbitrary file write leading to remote code execution on embedded targets. Note that this is a logic bug. ASAN does not detect it because all memory accesses are within valid buffers — the corruption occurs in file I/O. Version 4.2.0 contains a patch. No known workarounds are available."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nasa:fprime:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"32D82320-65FE-412C-9588-FE47713A2D46"}]}]}],"references":[{"url":"https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31431","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T09:16:21.270","lastModified":"2026-05-21T19:52:35.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"cisaExploitAdd":"2026-05-01","cisaActionDue":"2026-05-15","cisaRequiredAction":"\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability","weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-669"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.10.254","matchCriteriaId":"24B62F9A-357D-465D-97EB-2819B1CD663C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.204","matchCriteriaId":"FA800016-0012-4E3F-A528-2A7F378A0A4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.170","matchCriteriaId":"E6653854-B188-42DD-B8C5-0143F1956AB1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.137","matchCriteriaId":"3CA3EF52-168A-4348-8F5F-356C9EB69261"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.85","matchCriteriaId":"F17D292D-A9B5-4DC7-8002-51AB95335606"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.1:*:*:*:*:*:*:*","matchCriteriaId":"4A751E0D-F417-4230-9C1F-A9AA43F6D8ED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:amazon:amazon_linux:-:*:*:*:*:*:*:*","matchCriteriaId":"C8699C74-BF90-4CF8-9285-32576DB1FE2B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*","matchCriteriaId":"019A2188-0877-45DE-8512-F0BF70DD179C"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*","matchCriteriaId":"204FC6CC-9DAC-45FB-8A9F-C9C8EDD29D54"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*","matchCriteriaId":"090F0D1A-6BF8-4810-8942-3FFE4FBF7FE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*","matchCriteriaId":"BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:*","matchCriteriaId":"E79D3E16-E284-40C6-916E-2EE78102BF4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.6:*:*:*:*:*:*:*","matchCriteriaId":"78B4F1C7-A301-4C94-A41C-A51182B83677"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"5AB27A2D-549C-450E-A09E-B3316895F052"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*","matchCriteriaId":"3B20D44D-F87E-4692-8E04-695683F1ECE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*","matchCriteriaId":"F7305944-AC9C-47A3-AADF-71A8B24830D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:enterprise_storage:7.1:*:*:*:*:*:*:*","matchCriteriaId":"D9A626D2-FF84-40BB-B5A2-053D64992FE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_proxy:4.0:*:*:*:*:*:*:*","matchCriteriaId":"71A42960-17FA-4F96-8CF4-BADAB702EBA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*","matchCriteriaId":"9910C73A-3BCD-4F56-8C7D-79CB289640A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*","matchCriteriaId":"B0156BFA-9E83-43E6-9C73-9711AD054B5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*","matchCriteriaId":"CAC2D0A4-56F8-4ED6-91E2-78434A016C5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_retail_branch_server:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A4F81939-C109-4643-951E-42F8F20F4672"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*","matchCriteriaId":"450A3B3F-F26D-4EAB-BF5D-4C906C4A99DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BD5BDD59-5008-4DDC-B805-BB6B7DE8E1A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A69D3CCD-6590-46EF-9D3F-E903AB78E3BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*","matchCriteriaId":"51136B38-5715-49B3-BD8D-91F90632247D"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*","matchCriteriaId":"B5810E98-7BF5-42E2-9DE9-661049ABE367"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*","matchCriteriaId":"0E46DEFD-659D-4D8F-BCD8-6B8A022F8FB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A1532304-0EA2-4816-B481-C87C7386DC88"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*","matchCriteriaId":"83F8A7D8-FD3E-4C36-AB2A-A61449BF38C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*","matchCriteriaId":"B631400C-0A5A-45A3-9DFA-B419E83D324E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp1:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"357F7687-7710-4F51-A655-E02F3A3603FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp2:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"9199A62B-B38B-482D-9557-7E43A6E13774"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp3:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"02D86BE4-C975-4F28-861D-3313E144BAC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp4:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"2268D43F-6457-4708-AB00-F111B5945016"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp5:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"990A2271-69DA-4FC9-BD7B-2D1A22BF26E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp6:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"31785EF5-12E3-44EB-9391-B34C9476A075"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:basesystem_module:15:sp7:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"2E177376-B887-4D00-BD07-60C1B862901F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp1:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"58DEE083-487A-4C64-A269-CD5C63D4A273"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp2:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"0E65BF75-2DE8-46D3-8A34-BC5EDB9B66D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp3:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"D15DC0F1-2C7A-45F3-BC08-82A4B925B2B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp4:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"E7DF4886-9D35-4415-A727-A08FEBF7128C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp5:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"6997F266-74C0-41A2-B157-F3E09A3A9C5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp6:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"AA273F5C-BE4E-410B-9192-0DD9473E9822"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:development_tools_module:15:sp7:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"0A9B8201-C85C-46A9-B597-57711971F402"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:legacy_module:15:sp7:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"F60DD081-8FD5-4C2B-96BB-18CED178031F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*","matchCriteriaId":"17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*","matchCriteriaId":"55242557-663C-4870-A439-4C8FEEB69E7F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp1:*:*:*:*:*:*","matchCriteriaId":"7BBB0C06-3CCE-40B2-8CEA-F4303D861C9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*","matchCriteriaId":"8C4F62C0-4188-433A-8292-559025CA23C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*","matchCriteriaId":"ACB76FF0-B939-42E9-842B-171E929F317D"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*","matchCriteriaId":"F648F64B-C3F2-4B14-906D-E48345303F0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp5:*:*:*:*:*:*","matchCriteriaId":"3298F3F6-F8A1-41CC-AD83-C584CA103757"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6:*:*:*:*:*:*","matchCriteriaId":"B83183BD-A440-4697-8DD8-8A478C428984"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7:*:*:*:*:*:*","matchCriteriaId":"B4388826-A383-4FBA-819A-363EAF6183DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp4:*:*:*:*:*:*","matchCriteriaId":"F1FCE4D2-1DEA-47B8-B8E2-28BF9F6B4427"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp6:*:*:*:*:*:*","matchCriteriaId":"CD0E86ED-467D-4904-A264-EA4A3DC43FAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp7:*:*:*:*:*:*","matchCriteriaId":"6D4A57E9-3F8E-487B-BAC8-0F85DC776C01"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_availability_extension:16.0:-:*:*:*:*:*:*","matchCriteriaId":"E00590A7-67FA-419C-8B98-3B7F7EBA3DC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:-:*:*:*","matchCriteriaId":"5EB65449-AE21-4EE9-B0A1-6E7F984BA33F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*","matchCriteriaId":"89C89474-3F7A-499E-8E7C-25952584A68C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*","matchCriteriaId":"CA2E84A0-A9ED-411B-9963-647D8A95D3D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*","matchCriteriaId":"6426BD94-DEE9-4833-B266-747DAD834366"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*","matchCriteriaId":"455B5F70-FDA0-4AE3-9C62-F0BC8E6C3D85"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*","matchCriteriaId":"A0E17861-F7C2-479B-B687-42419ADED014"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*","matchCriteriaId":"75A0B727-33A9-416B-9E83-5103ABE856B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:espos:*:*:*","matchCriteriaId":"C46EFE88-003E-45C7-9BB3-CCC6B4E5E012"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:ltss:*:*:*","matchCriteriaId":"4B6D6786-D47A-49D3-A368-775417B47AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*","matchCriteriaId":"D0E679A3-3EAC-4603-BD89-E04EE26845B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:espos:*:*:*","matchCriteriaId":"3A766D20-F8F6-47D7-BB8A-298E6D4A557B"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:ltss:*:*:*","matchCriteriaId":"E7C37E18-03E4-4618-A5DF-3B4C307AE262"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:-:*:*:*","matchCriteriaId":"26F5E65A-CC1E-43D7-8181-53ACF3D04D01"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:espos:*:*:*","matchCriteriaId":"AFECB8BB-9BFE-4725-BEF0-D05DC7858E76"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:ltss:*:*:*","matchCriteriaId":"4E3D5431-943A-47E6-9702-BD9FC39FF18E"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp6:*:*:-:*:*:*","matchCriteriaId":"E3F9185F-365B-4DA9-A406-B474792C45A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp7:*:*:-:*:*:*","matchCriteriaId":"D1570F75-DBEA-4B52-B499-06E7D100E270"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_live_patching:12:sp5:*:*:*:*:*:*","matchCriteriaId":"1D26195B-07AA-4320-A0C9-D322266DEC68"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp4:*:*:*:*:*:*","matchCriteriaId":"CADD34DE-2694-4F53-9CEE-765A981565DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp5:*:*:*:*:*:*","matchCriteriaId":"0F229A3A-A13F-46E7-9A29-3FA43EE44D79"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp6:*:*:*:*:*:*","matchCriteriaId":"B717A471-D104-4D66-9EDB-BF65C96E0A15"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp7:*:*:*:*:*:*","matchCriteriaId":"B59781EB-6D62-4619-AC92-F858BDF0D430"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.0:*:*:*:*:-:*:*","matchCriteriaId":"620CB473-D500-49B1-ABD5-A2C6DB641DD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.1:*:*:*:*:-:*:*","matchCriteriaId":"FE7DC148-F244-4AEA-8803-17ADF8DC4AC7"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*","matchCriteriaId":"EACDFD9B-C423-4FD1-B9AA-0D6D7D93CB36"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*","matchCriteriaId":"825D86FE-87DA-4389-8097-D7CF34718CB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.3:*:*:*:*:-:*:*","matchCriteriaId":"E037079A-283D-460C-A76D-E436C575352B"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.3:*:*:*:*:rancher:*:*","matchCriteriaId":"E1BB6675-DF28-4494-A956-06915DE98A09"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.4:*:*:*:*:-:*:*","matchCriteriaId":"0D7CF925-609A-41DD-A76A-4D8F6C05729A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.4:*:*:*:*:rancher:*:*","matchCriteriaId":"E9138B27-95CD-4064-AB74-CD1364DA3D3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_micro:5.5:*:*:*:*:-:*:*","matchCriteriaId":"6683D4D9-9647-4C06-A729-8CE2DFE195E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*","matchCriteriaId":"4B0AC584-5E26-4ACE-BC19-9E69A302F238"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp3:*:*:*:*:*:*","matchCriteriaId":"17377C9F-F429-47B2-AC4D-17CE243ED949"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp4:*:*:*:*:*:*","matchCriteriaId":"62DC1612-368F-4D67-AA5E-E4719279DE4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp5:*:*:*:*:*:*","matchCriteriaId":"71E87389-289F-4FF6-928B-9A8E77387F65"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6:*:*:*:*:*:*","matchCriteriaId":"E8772290-7B8F-4FF3-8114-0535E84E10F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7:*:*:*:*:*:*","matchCriteriaId":"BF782A24-9E6B-4897-9402-37DBCA7A7332"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:-:-:*:*","matchCriteriaId":"A25FBA6E-EB0B-4FD3-A0CE-33CA9EB0CD62"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:-:*:*","matchCriteriaId":"0E13E83D-4249-45C1-8025-491EECA6F9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss_extreme_core:-:*:*","matchCriteriaId":"6BBDE786-4B07-4FD1-817F-948A19F97EE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:-:*:*","matchCriteriaId":"38373877-18C5-4CEB-A2F1-A6BCF63C1D79"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*","matchCriteriaId":"E279968E-C62B-4888-899A-2BF57E8F8692"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:-:*:*","matchCriteriaId":"26CAA62D-796C-45E2-8797-64833C237D27"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:-:*:*","matchCriteriaId":"191B0B2D-5A5A-4206-B061-106C22C03C88"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:-:*:*","matchCriteriaId":"36E71D0E-6256-45D5-A0B8-518B3DB59718"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:-:*:*","matchCriteriaId":"FE4A9969-7684-44E0-AF88-437B6F5B2CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:-:*:*","matchCriteriaId":"1202065D-DE5A-4E7F-B01A-4D3915C5112A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:-:-:*:*","matchCriteriaId":"60EF8A73-A078-49A9-8FDE-4B7F74B2E17B"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:-:sap:*:*","matchCriteriaId":"82A16781-8A1D-4FE4-84E8-19B6B8D5E6D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*","matchCriteriaId":"26FDBC27-D993-4A93-BC70-753FA21F4C11"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:-:*:*","matchCriteriaId":"5BC409DF-47A5-4EAF-9DCA-9BA35BB1B2C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:-:-:*:*","matchCriteriaId":"2FAAE2BD-4063-4C24-B8C8-9638171A19B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:-:sap:*:*","matchCriteriaId":"1615874B-E07C-4DAB-9F48-34DA42915314"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*","matchCriteriaId":"A256B5D1-49D2-4363-AAD6-30FD32F0D132"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:-:*:*","matchCriteriaId":"2AEA8A74-9D7D-410A-983E-7E69443DEA6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:-:-:*:*","matchCriteriaId":"F9771ADC-0560-4146-9CC2-690D3C3CE81F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:-:sap:*:*","matchCriteriaId":"76840252-04F1-43C4-9A59-676B179650E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:business_critical_linux:-:*:*","matchCriteriaId":"7456711B-C403-48FC-AD77-92D5177D3175"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:ltss:-:*:*","matchCriteriaId":"3BE8B253-3C09-48C8-BAE8-3E953AAFA49F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:-:-:*:*","matchCriteriaId":"9122256C-13F2-4322-95F1-9D83C9051A45"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:-:sap:*:*","matchCriteriaId":"CC23D242-B960-40D3-A395-174A1F270D4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:ltss:-:*:*","matchCriteriaId":"7053AA23-E12B-4B91-A641-724887F6A4DF"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:-:-:*:*","matchCriteriaId":"9E823F48-8554-4590-BC30-CA17ECAE9ED4"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:-:sap:*:*","matchCriteriaId":"0B02BB2D-5DB9-48DC-AB4F-B006D18234FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:ltss:-:*:*","matchCriteriaId":"8DFA6058-A5C9-4E87-9F34-B083E55A7EA3"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp6:*:*:-:-:*:*","matchCriteriaId":"BB84120C-48BB-4147-AAD3-39DEF003B57E"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp6:*:*:-:sap:*:*","matchCriteriaId":"8F9012DD-FFF8-4CED-AEA3-C22CB44C237F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp6:*:*:ltss:-:*:*","matchCriteriaId":"B05BFB51-DBF6-4F71-83F8-C32BFB396404"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp7:*:*:-:-:*:*","matchCriteriaId":"CCE4946A-773A-443D-B5E3-839E637C3360"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:15:sp7:*:*:-:sap:*:*","matchCriteriaId":"C2F7F7D2-6E82-4FB4-8C44-3C7DEF123173"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:16.0:-:*:*:-:-:*:*","matchCriteriaId":"0F61E05F-DD0A-48AB-B7B2-8D84A5517FF2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:16.0:-:*:*:-:sap:*:*","matchCriteriaId":"7DC085B3-7D3D-4FEB-B778-79FBDD87264A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:16.1:-:*:*:-:-:*:*","matchCriteriaId":"09803492-7525-4B24-B34E-64BB9FF6FDBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:16.1:-:*:*:-:sap:*:*","matchCriteriaId":"56519853-7A3E-412C-A4F6-6921A1742033"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_workstation_extension:15:sp7:*:*:*:*:*:*","matchCriteriaId":"12E15CF5-8517-4AE1-9130-4CFA65C2F7C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_micro:6.0:*:*:*:*:*:*:*","matchCriteriaId":"5A4E809C-2AAD-4E86-A5F4-AB41CA669F40"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_micro:6.1:*:*:*:*:*:*:*","matchCriteriaId":"9DC86A69-74D3-4745-BC7C-BBAF80B2BCBE"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_micro:6.2:*:*:*:*:*:*:*","matchCriteriaId":"E9594AD7-3671-42D1-B07E-D8FE8782EDD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:public_cloud_module:15:sp6:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"CEB648DC-0111-443B-A728-2D9B01EBC179"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:public_cloud_module:15:sp7:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"6C09FB49-F594-4ECD-9686-4EDBC8BD1C1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:realtime_module:15:sp3:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"9C713704-CEB4-4F44-BD93-77F0586DC518"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:realtime_module:15:sp4:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"D7E2A9ED-6E69-46D7-85AC-2DB710AB7A84"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:realtime_module:15:sp5:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"6C4BB4DD-2022-479F-8805-70B37E2B224C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:realtime_module:15:sp6:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"ACB1A9AF-E037-4FC1-8A35-E1D128005FA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:realtime_module:15:sp7:*:*:*:suse_linux_enterprise:*:*","matchCriteriaId":"DD298056-E8C4-4F7E-8CD5-784C201633D1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*","versionEndExcluding":"25.11","matchCriteriaId":"A1DAD7C2-EBFB-4DF5-A727-0A84F8F31619"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arista:cloudvision_agni:*:*:*:*:*:-:*:*","versionStartIncluding":"2024.4.0","versionEndIncluding":"2025.2.2","matchCriteriaId":"A4C875E3-0FFA-4806-BA6C-EB2F8EBF76AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.2.0","versionEndIncluding":"2026.1.0","matchCriteriaId":"0ADB58FD-7F44-4BA1-9A55-21E220B4FFDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:arista:velocloud_edge:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"6.4.1","matchCriteriaId":"1A9C5C40-C542-4320-9777-29A0F2D70220"},{"vulnerable":true,"criteria":"cpe:2.3:a:arista:velocloud_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"88F2CE3D-1529-4A87-BD14-173BF206D7A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:velocloud_orchestrator:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE92745-C5FC-4FDD-B3FB-B712078C1348"},{"vulnerable":true,"criteria":"cpe:2.3:o:arista:netvisor_os:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.0","matchCriteriaId":"A3349C40-C473-4744-AF72-AB6B0EBDB92F"},{"vulnerable":true,"criteria":"cpe:2.3:o:arista:netvisor_os:7.1.0:-:*:*:*:*:*:*","matchCriteriaId":"447BB72F-95B9-4F2E-8CDD-74664AD045ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:arista:netvisor_os:7.1.0:hotfix7:*:*:*:*:*:*","matchCriteriaId":"82A2BB74-B148-44F1-904E-325E89720073"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.5","matchCriteriaId":"99E36624-A573-47D9-B158-B18A8A822FBA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*","matchCriteriaId":"3BC4FA01-8DDB-41E4-B759-7B504F78AEBC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.5","matchCriteriaId":"2A7548B8-3DF7-46D9-8A4F-87C38969D900"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*","matchCriteriaId":"5B1EE93D-BAD2-4B86-910C-8784FCC9F398"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\\/dp_mfp_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.5","matchCriteriaId":"19F1C257-0EE6-47DE-B4BE-169F801FFDD8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*","matchCriteriaId":"E2F63E0A-126D-4A93-8159-45EB5E606F81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1","matchCriteriaId":"3A84FD25-22C7-47F3-ABC2-413D03AB4648"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*","matchCriteriaId":"754051AB-27D3-41CA-B2C8-79BAD48C8750"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","matchCriteriaId":"902B8056-9E37-443B-8905-8AA93E2447FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*","matchCriteriaId":"359012F1-2C63-415A-88B8-6726A87830DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*","matchCriteriaId":"BF90B5A4-6E55-4369-B9D4-E7A061E797D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:25.10:*:*:*:-:*:*:*","matchCriteriaId":"8998BFFF-82EF-4D9E-8DE5-0072064512BC"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/19","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/02/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/03/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/28","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/31","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/06/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/07/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/07/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/08/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/18/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://copy.fail","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/260001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party Advisory"]},{"url":"https://github.com/theori-io/copy-fail-CVE-2026-31431","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]},{"url":"https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://xint.io/blog/copy-fail-linux-distributions#the-fix-6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-31432","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T09:16:21.410","lastModified":"2026-05-21T17:28:57.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix OOB write in QUERY_INFO for compound requests\n\nWhen a compound request such as READ + QUERY_INFO(Security) is received,\nand the first command (READ) consumes most of the response buffer,\nksmbd could write beyond the allocated buffer while building a security\ndescriptor.\n\nThe root cause was that smb2_get_info_sec() checked buffer space using\nppntsd_size from xattr, while build_sec_desc() often synthesized a\nsignificantly larger descriptor from POSIX ACLs.\n\nThis patch introduces smb_acl_sec_desc_scratch_len() to accurately\ncompute the final descriptor size beforehand, performs proper buffer\nchecking with smb2_calc_max_out_buf_len(), and uses exact-sized\nallocation + iov pinning."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.145","versionEndExcluding":"5.16","matchCriteriaId":"B98C9201-BF17-4E2C-84FF-75EE2AA94DC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.71","versionEndExcluding":"6.2","matchCriteriaId":"163E72B5-0F5D-49E2-AAEA-F11E02D730AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.81","matchCriteriaId":"D467CA25-2A1E-475C-969E-62759720CE35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/075ea208c648cc2bcd616295b711d3637c61de45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/515c2daab46021221bdf406bef19bc90a44ec617","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fda9522ed6afaec45cabc198d8492270c394c7bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-6857","sourceIdentifier":"secalert@redhat.com","published":"2026-04-22T13:16:22.583","lastModified":"2026-05-21T15:16:30.200","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-6857","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460003","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-32952","sourceIdentifier":"security-advisories@github.com","published":"2026-04-24T03:16:07.833","lastModified":"2026-05-21T18:22:06.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:go-ntlmssp:*:*:*:*:*:go:*:*","versionEndExcluding":"0.1.1","matchCriteriaId":"DD9C4411-621B-4714-A17D-76CF7D65BF49"}]}]}],"references":[{"url":"https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41319","sourceIdentifier":"security-advisories@github.com","published":"2026-04-24T04:16:20.400","lastModified":"2026-05-21T19:39:07.493","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade (e.g., forcing PLAIN instead of SCRAM-SHA-256). The internal read buffer in `SmtpStream`, `ImapStream`, and `Pop3Stream` is not flushed when the underlying stream is replaced with `SslStream` during STARTTLS upgrade, causing pre-TLS attacker-injected data to be processed as trusted post-TLS responses. Version 4.16.0 patches the issue."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jstedfast:mailkit:*:*:*:*:*:*:*:*","versionEndExcluding":"4.16.0","matchCriteriaId":"93C4C88D-7A8F-468C-90DE-0BBD8B916D6A"}]}]}],"references":[{"url":"https://github.com/jstedfast/MailKit/security/advisories/GHSA-9j88-vvj5-vhgr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/jstedfast/MailKit/security/advisories/GHSA-9j88-vvj5-vhgr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-29514","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-04T17:16:22.880","lastModified":"2026-05-21T16:16:22.337","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the environment_params field. Attackers can bypass Jinja2 SandboxedEnvironment protections by setting the finalize parameter to any importable Python callable such as subprocess.getoutput, which is invoked on every rendered expression outside the sandbox's call interception mechanism, achieving remote code execution as the NetBox service user."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-183"}]}],"references":[{"url":"https://chocapikk.com/posts/2026/netbox-export-template-rce/","source":"disclosure@vulncheck.com"},{"url":"https://github.com/netbox-community/netbox/commit/d124c5fe86e12aad61285133c0caf16adcda8f2e","source":"disclosure@vulncheck.com"},{"url":"https://github.com/netbox-community/netbox/issues/22079","source":"disclosure@vulncheck.com"},{"url":"https://github.com/netbox-community/netbox/pull/22078","source":"disclosure@vulncheck.com"},{"url":"https://github.com/netbox-community/netbox/pull/22170","source":"disclosure@vulncheck.com"},{"url":"https://github.com/netbox-community/netbox/releases/tag/v4.6.1","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/netbox-rce-via-rendertemplatemixin","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-43395","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:50.907","lastModified":"2026-05-21T19:34:15.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/sync: Cleanup partially initialized sync on parse failure\n\nxe_sync_entry_parse() can allocate references (syncobj, fence, chain fence,\nor user fence) before hitting a later failure path. Several of those paths\nreturned directly, leaving partially initialized state and leaking refs.\n\nRoute these error paths through a common free_sync label and call\nxe_sync_entry_cleanup(sync) before returning the error.\n\n(cherry picked from commit f939bdd9207a5d1fc55cced5459858480686ce22)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.78","matchCriteriaId":"70EDBB86-A33A-44D8-BF14-B806E56D3529"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1bfd7575092420ba5a0b944953c95b74a5646ff8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91c228f96fcfacc2341a58815b1da8c69da94ebb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af65cd1853599394b94201c08bed7a46717db478","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0af63ffa06306f12592cd3919fad6957b425e1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43396","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.010","lastModified":"2026-05-21T19:32:28.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/sync: Fix user fence leak on alloc failure\n\nWhen dma_fence_chain_alloc() fails, properly release the user fence\nreference to prevent a memory leak.\n\n(cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.1","versionEndExcluding":"6.18.20","matchCriteriaId":"2939340B-318A-4690-9965-6C309EF2A165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*","matchCriteriaId":"DCE57113-2223-4308-A0F2-5E6ECFBB3C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc5:*:*:*:*:*:*","matchCriteriaId":"2545FB83-C4A6-4F62-9ED1-09F75D2E3C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc6:*:*:*:*:*:*","matchCriteriaId":"E955EC5D-4684-4B5D-AE4D-F2BF9ADDBA1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*","matchCriteriaId":"38C4D89F-9A13-4D29-8645-C9785C142C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05edc78eb4699e8e000a62aaa8dace50a17e19e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8f90b33934b307f6e4599b9fae38aa1ee5441a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43397","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.117","lastModified":"2026-05-21T19:30:31.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: samsung-dsim: Fix memory leak in error path\n\nIn samsung_dsim_host_attach(), drm_bridge_add() is called to add the\nbridge. However, if samsung_dsim_register_te_irq() or\npdata->host_ops->attach() fails afterwards, the function returns\nwithout removing the bridge, causing a memory leak.\n\nFix this by adding proper error handling with goto labels to ensure\ndrm_bridge_remove() is called in all error paths. Also ensure that\nsamsung_dsim_unregister_te_irq() is called if the attach operation\nfails after the TE IRQ has been registered.\n\nsamsung_dsim_unregister_te_irq() function is moved without changes\nto be before samsung_dsim_host_attach() to avoid forward declaration."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.130","matchCriteriaId":"B5DC2349-A344-41CA-9A54-55596F8AD981"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/803ec1faf7c1823e6e3b1f2aaa81be18528c9436","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/98310fe3a2a79671b739a5344c1a11d74c503e25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6d779654cda63d632bd8dfcdcabd125057e30a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43398","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.230","lastModified":"2026-05-21T19:29:27.747","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add upper bound check on user inputs in wait ioctl\n\nHuge input values in amdgpu_userq_wait_ioctl can lead to a OOM and\ncould be exploited.\n\nSo check these input value against AMDGPU_USERQ_MAX_HANDLES\nwhich is big enough value for genuine use cases and could\npotentially avoid OOM.\n\nv2: squash in Srini's fix\n\n(cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.19","matchCriteriaId":"F7766422-FDBE-437C-8710-C7F7094B8844"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3cd93bc695b3456f26f5ed52753d9071da26202a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/64ac7c09fc44985ec9bb6a9db740899fa40ca613","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1d10508da559da2e0ca9cca6505094a7df948e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43399","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.327","lastModified":"2026-05-21T19:28:12.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl\n\nDrop reference to syncobj and timeline fence when aborting the ioctl due\noutput array being too small.\n\n(cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd27)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.19","matchCriteriaId":"F7766422-FDBE-437C-8710-C7F7094B8844"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/49abfa812617a7f2d0132c70d23ac98b389c6ec1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5409247d41f372bec5b141ef599f2d9f5e81b746","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/762f47e2b824383d5be65eee2c40a1269b7d50c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43400","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.430","lastModified":"2026-05-21T19:27:02.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add upper bound check on user inputs in signal ioctl\n\nHuge input values in amdgpu_userq_signal_ioctl can lead to a OOM and\ncould be exploited.\n\nSo check these input value against AMDGPU_USERQ_MAX_HANDLES\nwhich is big enough value for genuine use cases and could\npotentially avoid OOM.\n\n(cherry picked from commit be267e15f99bc97cbe202cd556717797cdcf79a5)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.19","matchCriteriaId":"F7766422-FDBE-437C-8710-C7F7094B8844"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/46630d966b99b0fc6cb01fef4110587f3375a0c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fff5204d8aa26b1be50b6427f833bd3e8899c4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea78f8c68f4f6211c557df49174c54d167821962","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43401","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.543","lastModified":"2026-05-21T19:26:06.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()\n\nThe update_cpu_qos_request() function attempts to initialize the 'freq'\nvariable by dereferencing 'cpudata' before verifying if the 'policy'\nis valid.\n\nThis issue occurs on systems booted with the \"nosmt\" parameter, where\nall_cpu_data[cpu] is NULL for the SMT sibling threads. As a result,\nany call to update_qos_requests() will result in a NULL pointer\ndereference as the code will attempt to access pstate.turbo_freq using\nthe NULL cpudata pointer.\n\nAlso, pstate.turbo_freq may be updated by intel_pstate_get_hwp_cap()\nafter initializing the 'freq' variable, so it is better to defer the\n'freq' until intel_pstate_get_hwp_cap() has been called.\n\nFix this by deferring the 'freq' assignment until after the policy and\ndriver_data have been validated.\n\n[ rjw: Added one paragraph to the changelog ]"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.19","matchCriteriaId":"4B3A7D3C-8D62-43DB-ADD2-83F0634E4C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/42738dffb7b0766a45882dff7989401d78f66f92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6bfda7ce56e7d14a677b7bcd6c7a5009cc29aa88","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab39cc4cb8ceecdc2b61747433e7237f1ac2b789","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43402","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.670","lastModified":"2026-05-21T19:24:33.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: consolidate kthread exit paths to prevent use-after-free\n\nGuillaume reported crashes via corrupted RCU callback function pointers\nduring KUnit testing. The crash was traced back to the pidfs rhashtable\nconversion which replaced the 24-byte rb_node with an 8-byte rhash_head\nin struct pid, shrinking it from 160 to 144 bytes.\n\nstruct kthread (without CONFIG_BLK_CGROUP) is also 144 bytes. With\nCONFIG_SLAB_MERGE_DEFAULT and SLAB_HWCACHE_ALIGN both round up to\n192 bytes and share the same slab cache. struct pid.rcu.func and\nstruct kthread.affinity_node both sit at offset 0x78.\n\nWhen a kthread exits via make_task_dead() it bypasses kthread_exit() and\nmisses the affinity_node cleanup. free_kthread_struct() frees the memory\nwhile the node is still linked into the global kthread_affinity_list. A\nsubsequent list_del() by another kthread writes through dangling list\npointers into the freed and reused memory, corrupting the pid's\nrcu.func pointer.\n\nInstead of patching free_kthread_struct() to handle the missed cleanup,\nconsolidate all kthread exit paths. Turn kthread_exit() into a macro\nthat calls do_exit() and add kthread_do_exit() which is called from\ndo_exit() for any task with PF_KTHREAD set. This guarantees that\nkthread-specific cleanup always happens regardless of the exit path -\nmake_task_dead(), direct do_exit(), or kthread_exit().\n\nReplace __to_kthread() with a new tsk_is_kthread() accessor in the\npublic header. Export do_exit() since module code using the\nkthread_exit() macro now needs it directly."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.19","matchCriteriaId":"7484E98E-61F0-4DCE-9DBF-83D2F75F99EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28aaa9c39945b7925a1cc1d513c8f21ed38f5e4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4729c7b00a347fd37d0cbc265b85f2884c3e06b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a591d7a5e48d30100943940a30a6ab41b15c672","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43403","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.783","lastModified":"2026-05-21T19:23:20.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnsfs: tighten permission checks for ns iteration ioctls\n\nEven privileged services should not necessarily be able to see other\nprivileged service's namespaces so they can't leak information to each\nother. Use may_see_all_namespaces() helper that centralizes this policy\nuntil the nstree adapts."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.78","matchCriteriaId":"CF16B1DB-0D79-4F76-8B3C-57C79AB99F70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ad650e60150eda789deca5e78a6a09d26bf8fc9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2f3dea284c761c890d676f77d5e55c0c496b4ef4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3376b345df155ca36d8611857b41ff7d5183fc38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6b899f08066e744f89df16ceb782e06868bd148","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43404","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:51.887","lastModified":"2026-05-21T19:21:22.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: Fix a hmm_range_fault() livelock / starvation problem\n\nIf hmm_range_fault() fails a folio_trylock() in do_swap_page,\ntrying to acquire the lock of a device-private folio for migration,\nto ram, the function will spin until it succeeds grabbing the lock.\n\nHowever, if the process holding the lock is depending on a work\nitem to be completed, which is scheduled on the same CPU as the\nspinning hmm_range_fault(), that work item might be starved and\nwe end up in a livelock / starvation situation which is never\nresolved.\n\nThis can happen, for example if the process holding the\ndevice-private folio lock is stuck in\n   migrate_device_unmap()->lru_add_drain_all()\nsinc lru_add_drain_all() requires a short work-item\nto be run on all online cpus to complete.\n\nA prerequisite for this to happen is:\na) Both zone device and system memory folios are considered in\n   migrate_device_unmap(), so that there is a reason to call\n   lru_add_drain_all() for a system memory folio while a\n   folio lock is held on a zone device folio.\nb) The zone device folio has an initial mapcount > 1 which causes\n   at least one migration PTE entry insertion to be deferred to\n   try_to_migrate(), which can happen after the call to\n   lru_add_drain_all().\nc) No or voluntary only preemption.\n\nThis all seems pretty unlikely to happen, but indeed is hit by\nthe \"xe_exec_system_allocator\" igt test.\n\nResolve this by waiting for the folio to be unlocked if the\nfolio_trylock() fails in do_swap_page().\n\nRename migration_entry_wait_on_locked() to\nsoftleaf_entry_wait_unlock() and update its documentation to\nindicate the new use-case.\n\nFuture code improvements might consider moving\nthe lru_add_drain_all() call in migrate_device_unmap() to be\ncalled *after* all pages have migration entries inserted.\nThat would eliminate also b) above.\n\nv2:\n- Instead of a cond_resched() in hmm_range_fault(),\n  eliminate the problem by waiting for the folio to be unlocked\n  in do_swap_page() (Alistair Popple, Andrew Morton)\nv3:\n- Add a stub migration_entry_wait_on_locked() for the\n  !CONFIG_MIGRATION case. (Kernel Test Robot)\nv4:\n- Rename migrate_entry_wait_on_locked() to\n  softleaf_entry_wait_on_locked() and update docs (Alistair Popple)\nv5:\n- Add a WARN_ON_ONCE() for the !CONFIG_MIGRATION\n  version of softleaf_entry_wait_on_locked().\n- Modify wording around function names in the commit message\n  (Andrew Morton)\n\n(cherry picked from commit a69d1ab971a624c6f112cea61536569d579c3215)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.19","matchCriteriaId":"D6461E17-9936-4679-8F97-568871A6FBE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7e6e2fc91d4b9b12ec6e137019532568ebcf2680","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94b6d0ba4b640ba23bb6c708a59316e74e5ede63","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b570f37a2ce480be26c665345c5514686a8a0274","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43405","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.013","lastModified":"2026-05-21T19:16:09.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Use u32 for non-negative values in ceph_monmap_decode()\n\nThis patch fixes unnecessary implicit conversions that change signedness\nof blob_len and num_mon in ceph_monmap_decode().\nCurrently blob_len and num_mon are (signed) int variables. They are used\nto hold values that are always non-negative and get assigned in\nceph_decode_32_safe(), which is meant to assign u32 values. Both\nvariables are subsequently used as unsigned values, and the value of\nnum_mon is further assigned to monmap->num_mon, which is of type u32.\nTherefore, both variables should be of type u32. This is especially\nrelevant for num_mon. If the value read from the incoming message is\nvery large, it is interpreted as a negative value, and the check for\nnum_mon > CEPH_MAX_MON does not catch it. This leads to the attempt to\nallocate a very large chunk of memory for monmap, which will most likely\nfail. In this case, an unnecessary attempt to allocate memory is\nperformed, and -ENOMEM is returned instead of -EINVAL."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08bc6173fd611ad5a40f472bf5f15b92aea0fe40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5f2806684b05bd24d05c091083b8e2517ba8ffac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/770444611f047dbfd4517ec0bc1b179d40c2f346","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86f7060cd638d6eb042e8ed780fb83a59ca0dcb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b268984ae88cb0dcd7a8e8263962c748448e26e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba0a4df8c563536857dcbf7b4dbd0f2a15f57ace","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee5588e2bc41acb73f6676c0520420c107cd0140","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43406","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.137","lastModified":"2026-05-21T19:09:31.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds reads in process_message_header()\n\nIf the message frame is (maliciously) corrupted in a way that the\nlength of the control segment ends up being less than the size of the\nmessage header or a different frame is made to look like a message\nframe, out-of-bounds reads may ensue in process_message_header().\n\nPerform an explicit bounds check before decoding the message header."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/035867ae6f18df0aeedb2a57a5b74091bd4e3fe8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50156622eb0888e62541d715a98584480a1bc7cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69fb5d91bba44ecf7eb80530b85fa4fb028921d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69fe5af33fa3806f398d21c081d73c66e5523bc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/75582aaa580c11aed4c7731cad6b068b700e7efb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76ccf21a12c5f6d6790bc32c7da82446d877b2f4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbd857a9e1e33ea71eaf3e211877027e533770d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43407","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.250","lastModified":"2026-05-21T19:08:17.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()\n\nThis patch fixes an out-of-bounds access in ceph_handle_auth_reply()\nthat can be triggered by a message of type CEPH_MSG_AUTH_REPLY. In\nceph_handle_auth_reply(), the value of the payload_len field of such a\nmessage is stored in a variable of type int. A value greater than\nINT_MAX leads to an integer overflow and is interpreted as a negative\nvalue. This leads to decrementing the pointer address by this value and\nsubsequently accessing it because ceph_decode_need() only checks that\nthe memory access does not exceed the end address of the allocation.\n\nThis patch fixes the issue by changing the data type of payload_len to\nu32. Additionally, the data type of result_msg_len is changed to u32,\nas it is also a variable holding a non-negative length.\n\nAlso, an additional layer of sanity checks is introduced, ensuring that\ndirectly after reading it from the message, payload_len and\nresult_msg_len are not greater than the overall segment length.\n\nBUG: KASAN: slab-out-of-bounds in ceph_handle_auth_reply+0x642/0x7a0 [libceph]\nRead of size 4 at addr ffff88811404df14 by task kworker/20:1/262\n\nCPU: 20 UID: 0 PID: 262 Comm: kworker/20:1 Not tainted 6.19.2 #5 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nWorkqueue: ceph-msgr ceph_con_workfn [libceph]\nCall Trace:\n <TASK>\n dump_stack_lvl+0x76/0xa0\n print_report+0xd1/0x620\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? kasan_complete_mode_report_info+0x72/0x210\n kasan_report+0xe7/0x130\n ? ceph_handle_auth_reply+0x642/0x7a0 [libceph]\n ? ceph_handle_auth_reply+0x642/0x7a0 [libceph]\n __asan_report_load_n_noabort+0xf/0x20\n ceph_handle_auth_reply+0x642/0x7a0 [libceph]\n mon_dispatch+0x973/0x23d0 [libceph]\n ? apparmor_socket_recvmsg+0x6b/0xa0\n ? __pfx_mon_dispatch+0x10/0x10 [libceph]\n ? __kasan_check_write+0x14/0x30i\n ? mutex_unlock+0x7f/0xd0\n ? __pfx_mutex_unlock+0x10/0x10\n ? __pfx_do_recvmsg+0x10/0x10 [libceph]\n ceph_con_process_message+0x1f1/0x650 [libceph]\n process_message+0x1e/0x450 [libceph]\n ceph_con_v2_try_read+0x2e48/0x6c80 [libceph]\n ? __pfx_ceph_con_v2_try_read+0x10/0x10 [libceph]\n ? save_fpregs_to_fpstate+0xb0/0x230\n ? raw_spin_rq_unlock+0x17/0xa0\n ? finish_task_switch.isra.0+0x13b/0x760\n ? __switch_to+0x385/0xda0\n ? __kasan_check_write+0x14/0x30\n ? mutex_lock+0x8d/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ceph_con_workfn+0x248/0x10c0 [libceph]\n process_one_work+0x629/0xf80\n ? __kasan_check_write+0x14/0x30\n worker_thread+0x87f/0x1570\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? __pfx_try_to_wake_up+0x10/0x10\n ? kasan_print_address_stack_frame+0x1f7/0x280\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x396/0x830\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ? __kasan_check_write+0x14/0x30\n ? recalc_sigpending+0x180/0x210\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x3f7/0x610\n ? __pfx_ret_from_fork+0x10/0x10\n ? __switch_to+0x385/0xda0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\n[ idryomov: replace if statements with ceph_decode_need() for\n  payload_len and result_msg_len ]"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34.1","versionEndExcluding":"5.10.253","matchCriteriaId":"F8124DB0-E974-47F7-A4CE-1F4CEA46F14B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*","matchCriteriaId":"A3B1BC1D-ED46-4364-A1D9-1FA74182B03A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*","matchCriteriaId":"86D3F64C-3F27-43E0-B0D4-62CE1E1F4EFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*","matchCriteriaId":"7927713B-5EB0-41EB-86A9-9935775162E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*","matchCriteriaId":"59037296-3143-4FBB-AFF7-D4FE2C85502F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*","matchCriteriaId":"9CA27FD5-7DBF-4C85-80A9-D523B2E4B033"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*","matchCriteriaId":"9711E333-A8E7-4F4B-BCFD-2023E889651A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*","matchCriteriaId":"E04D3358-973B-42A1-8E08-2E3AE947193C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6cee34d6669fe176b4259131adb1a145c939b472","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8bb87547e92dcf0928ed763c60e0ac8d733c3656","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9f9e2297f45fc2d2524eb104c289d69ddef95665","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b282c43ed156ae15ea76748fc15cd5c39dc9ab72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea080b21092590122c3f971cf588932cdbf47847","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed024d2f4c79c0eb2464df0fb640610ac301f9a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/edc678e5cd11730a2834b43071d8923f05bc334d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f9da5c1bbac5c8e33259fe00ed7347438fffa969","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43408","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.397","lastModified":"2026-05-21T19:06:34.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nceph: add a bunch of missing ceph_path_info initializers\n\nceph_mdsc_build_path() must be called with a zero-initialized\nceph_path_info parameter, or else the following\nceph_mdsc_free_path_info() may crash.\n\nExample crash (on Linux 6.18.12):\n\n  virt_to_cache: Object is not a Slab page!\n  WARNING: CPU: 184 PID: 2871736 at mm/slub.c:6732 kmem_cache_free+0x316/0x400\n  [...]\n  Call Trace:\n   [...]\n   ceph_open+0x13d/0x3e0\n   do_dentry_open+0x134/0x480\n   vfs_open+0x2a/0xe0\n   path_openat+0x9a3/0x1160\n  [...]\n  cache_from_obj: Wrong slab cache. names_cache but object is from ceph_inode_info\n  WARNING: CPU: 184 PID: 2871736 at mm/slub.c:6746 kmem_cache_free+0x2dd/0x400\n  [...]\n  kernel BUG at mm/slub.c:634!\n  Oops: invalid opcode: 0000 [#1] SMP NOPTI\n  RIP: 0010:__slab_free+0x1a4/0x350\n\nSome of the ceph_mdsc_build_path() callers had initializers, but\nothers had not, even though they were all added by commit 15f519e9f883\n(\"ceph: fix race condition validating r_parent before applying state\").\nThe ones without initializer are suspectible to random crashes.  (I can\nimagine it could even be possible to exploit this bug to elevate\nprivileges.)\n\nUnfortunately, these Ceph functions are undocumented and its semantics\ncan only be derived from the code.  I see that ceph_mdsc_build_path()\ninitializes the structure only on success, but not on error.\n\nCalling ceph_mdsc_free_path_info() after a failed\nceph_mdsc_build_path() call does not even make sense, but that's what\nall callers do, and for it to be safe, the structure must be\nzero-initialized.  The least intrusive approach to fix this is\ntherefore to add initializers everywhere."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.48","versionEndExcluding":"6.12.78","matchCriteriaId":"6EC06A5F-045A-48FD-8863-E8AB8E92B0BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.8","versionEndExcluding":"6.17","matchCriteriaId":"8C0D11FE-A1CB-4D09-B221-8281514EB44E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.1","versionEndExcluding":"6.18.19","matchCriteriaId":"2B44FFCD-31AB-4CB4-8733-63F887DA5E89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*","matchCriteriaId":"7CC8B11D-82DC-4958-8DC7-BF5CC829A5E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*","matchCriteriaId":"5A4516A6-C12E-42A4-8C0E-68AEF3264504"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc7:*:*:*:*:*:*","matchCriteriaId":"3963C3A0-CEA1-4F5C-8011-3A593ABB684D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43323a5934b660afae687e8e4e95ac328615a5c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/453df1f4535842bf17ff1885a225e153d7ee3374","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/644b47f0574fd82aeb9d00317eca8d1f2a525c8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8be8911f590813e6f90bc6407ced1b23e50bc5da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43409","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.513","lastModified":"2026-05-21T19:03:05.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: avoid crash when rmmod/insmod after ftrace killed\n\nAfter we hit ftrace is killed by some errors, the kernel crash if\nwe remove modules in which kprobe probes.\n\nBUG: unable to handle page fault for address: fffffbfff805000d\nPGD 817fcc067 P4D 817fcc067 PUD 817fc8067 PMD 101555067 PTE 0\nOops: Oops: 0000 [#1] SMP KASAN PTI\nCPU: 4 UID: 0 PID: 2012 Comm: rmmod Tainted: G        W  OE\nTainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nRIP: 0010:kprobes_module_callback+0x89/0x790\nRSP: 0018:ffff88812e157d30 EFLAGS: 00010a02\nRAX: 1ffffffff805000d RBX: dffffc0000000000 RCX: ffffffff86a8de90\nRDX: ffffed1025c2af9b RSI: 0000000000000008 RDI: ffffffffc0280068\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1025c2af9a\nR10: ffff88812e157cd7 R11: 205d323130325420 R12: 0000000000000002\nR13: ffffffffc0290488 R14: 0000000000000002 R15: ffffffffc0280040\nFS:  00007fbc450dd740(0000) GS:ffff888420331000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff805000d CR3: 000000010f624000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n notifier_call_chain+0xc6/0x280\n blocking_notifier_call_chain+0x60/0x90\n __do_sys_delete_module.constprop.0+0x32a/0x4e0\n do_syscall_64+0x5d/0xfa0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because the kprobe on ftrace does not correctly handles\nthe kprobe_ftrace_disabled flag set by ftrace_kill().\n\nTo prevent this error, check kprobe_ftrace_disabled in\n__disarm_kprobe_ftrace() and skip all ftrace related operations."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.6.130","matchCriteriaId":"C5F51C67-AAE9-4581-82CD-44F5AF217183"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8b6767e4141b2a42745b544d4555cf1614ba1a2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9edc79d664832a842012ad105b1521c1a3c35ab3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0ca81616a010807e91fc31db9be242b96326adc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cae928e3178c75602c21d67e21255d73e7e9ed4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e113f0b46d19626ec15388bcb91432c9a4fd6261","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43410","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.633","lastModified":"2026-05-21T18:14:24.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled\n\nWhen the Remote System Update (RSU) isn't enabled in the First Stage\nBoot Loader (FSBL), the driver encounters a NULL pointer dereference when\nexcute svc_normal_to_secure_thread() thread, resulting in a kernel panic:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nMem abort info:\n...\nData abort info:\n...\n[0000000000000008] user address but active_mm is swapper\nInternal error: Oops: 0000000096000004 [#1]  SMP\nModules linked in:\nCPU: 0 UID: 0 PID: 79 Comm: svc_smc_hvc_thr Not tainted 6.19.0-rc8-yocto-standard+ #59 PREEMPT\nHardware name: SoCFPGA Stratix 10 SoCDK (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : svc_normal_to_secure_thread+0x38c/0x990\nlr : svc_normal_to_secure_thread+0x144/0x990\n...\nCall trace:\n svc_normal_to_secure_thread+0x38c/0x990 (P)\n kthread+0x150/0x210\n ret_from_fork+0x10/0x20\nCode: 97cfc113 f9400260 aa1403e1 f9400400 (f9400402)\n---[ end trace 0000000000000000 ]---\n\nThe issue occurs because rsu_send_async_msg() fails when RSU is not enabled\nin firmware, causing the channel to be freed via stratix10_svc_free_channel().\nHowever, the probe function continues execution and registers\nsvc_normal_to_secure_thread(), which subsequently attempts to access the\nalready-freed channel, triggering the NULL pointer dereference.\n\nFix this by properly cleaning up the async client and returning early on\nfailure, preventing the thread from being used with an invalid channel."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/aa5739e0c51ad01c6e763ca89c1bfb58fc6ea71a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c45f7263100cece247dd3fa5fe277bd97fdb5687","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43411","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:52.880","lastModified":"2026-05-21T18:13:28.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix divide-by-zero in tipc_sk_filter_connect()\n\nA user can set conn_timeout to any value via\nsetsockopt(TIPC_CONN_TIMEOUT), including values less than 4.  When a\nSYN is rejected with TIPC_ERR_OVERLOAD and the retry path in\ntipc_sk_filter_connect() executes:\n\n    delay %= (tsk->conn_timeout / 4);\n\nIf conn_timeout is in the range [0, 3], the integer division yields 0,\nand the modulo operation triggers a divide-by-zero exception, causing a\nkernel oops/panic.\n\nFix this by clamping conn_timeout to a minimum of 4 at the point of use\nin tipc_sk_filter_connect().\n\nOops: divide error: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 119 Comm: poc-F144 Not tainted 7.0.0-rc2+\nRIP: 0010:tipc_sk_filter_rcv (net/tipc/socket.c:2236 net/tipc/socket.c:2362)\nCall Trace:\n tipc_sk_backlog_rcv (include/linux/instrumented.h:82 include/linux/atomic/atomic-instrumented.h:32 include/net/sock.h:2357 net/tipc/socket.c:2406)\n __release_sock (include/net/sock.h:1185 net/core/sock.c:3213)\n release_sock (net/core/sock.c:3797)\n tipc_connect (net/tipc/socket.c:2570)\n __sys_connect (include/linux/file.h:62 include/linux/file.h:83 net/socket.c:2098)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.253","matchCriteriaId":"95D48ED0-67BC-4B98-8122-F911E04187F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2754e7b3d64748643df867d1ea6fec522914b635","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/338c5edeb6ae3f12a4b84dff9d71f6f7f8c202c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3bc9998041076ee05d3f312a22cee6b2ca35527f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/579956f9f297eb1b6a5d24de313f3acccee1f9d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/600feb0a66a98c6b7f6f02b5f3612e75f9b8540f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c5a9baa15de240e747263aba435a0951da8d8d2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a360d3815aae1f00dd71b7714a846482e85cc1f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2ebfbe63deb7bfd4dc2532bae62a7ed67713272","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43412","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:53.043","lastModified":"2026-05-21T18:12:04.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start\n\nDuring ADSP stop and start, the kernel crashes due to the order in which\nASoC components are removed.\n\nOn ADSP stop, the q6apm-audio .remove callback unloads topology and removes\nPCM runtimes during ASoC teardown. This deletes the RTDs that contain the\nq6apm DAI components before their removal pass runs, leaving those\ncomponents still linked to the card and causing crashes on the next rebind.\n\nFix this by ensuring that all dependent (child) components are removed\nfirst, and the q6apm component is removed last.\n\n[   48.105720] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[   48.114763] Mem abort info:\n[   48.117650]   ESR = 0x0000000096000004\n[   48.121526]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   48.127010]   SET = 0, FnV = 0\n[   48.130172]   EA = 0, S1PTW = 0\n[   48.133415]   FSC = 0x04: level 0 translation fault\n[   48.138446] Data abort info:\n[   48.141422]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   48.147079]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   48.152354]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   48.157859] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001173cf000\n[   48.164517] [00000000000000d0] pgd=0000000000000000, p4d=0000000000000000\n[   48.171530] Internal error: Oops: 0000000096000004 [#1]  SMP\n[   48.177348] Modules linked in: q6prm_clocks q6apm_lpass_dais q6apm_dai snd_q6dsp_common q6prm snd_q6apm 8021q garp mrp stp llc snd_soc_hdmi_codec apr pdr_interface phy_qcom_edp fastrpc qcom_pd_mapper rpmsg_ctrl qrtr_smd rpmsg_char qcom_pdr_msg qcom_iris v4l2_mem2mem videobuf2_dma_contig ath11k_pci msm ubwc_config at24 ath11k videobuf2_memops mac80211 ocmem videobuf2_v4l2 libarc4 drm_gpuvm mhi qrtr videodev drm_exec snd_soc_sc8280xp gpu_sched videobuf2_common nvmem_qcom_spmi_sdam snd_soc_qcom_sdw drm_dp_aux_bus qcom_q6v5_pas qcom_spmi_temp_alarm snd_soc_qcom_common rtc_pm8xxx qcom_pon drm_display_helper cec qcom_pil_info qcom_stats soundwire_bus drm_client_lib mc dispcc0_sa8775p videocc_sa8775p qcom_q6v5 camcc_sa8775p snd_soc_dmic phy_qcom_sgmii_eth snd_soc_max98357a i2c_qcom_geni snd_soc_core dwmac_qcom_ethqos llcc_qcom icc_bwmon qcom_sysmon snd_compress qcom_refgen_regulator coresight_stm stmmac_platform snd_pcm_dmaengine qcom_common coresight_tmc stmmac coresight_replicator qcom_glink_smem coresight_cti stm_core\n[   48.177444]  coresight_funnel snd_pcm ufs_qcom phy_qcom_qmp_usb gpi phy_qcom_snps_femto_v2 coresight phy_qcom_qmp_ufs qcom_wdt gpucc_sa8775p pcs_xpcs mdt_loader qcom_ice icc_osm_l3 qmi_helpers snd_timer snd soundcore display_connector qcom_rng nvmem_reboot_mode drm_kms_helper phy_qcom_qmp_pcie sha256 cfg80211 rfkill socinfo fuse drm backlight ipv6\n[   48.301059] CPU: 2 UID: 0 PID: 293 Comm: kworker/u32:2 Not tainted 6.19.0-rc6-dirty #10 PREEMPT\n[   48.310081] Hardware name: Qualcomm Technologies, Inc. Lemans EVK (DT)\n[   48.316782] Workqueue: pdr_notifier_wq pdr_notifier_work [pdr_interface]\n[   48.323672] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   48.330825] pc : mutex_lock+0xc/0x54\n[   48.334514] lr : soc_dapm_shutdown_dapm+0x44/0x174 [snd_soc_core]\n[   48.340794] sp : ffff800084ddb7b0\n[   48.344207] x29: ffff800084ddb7b0 x28: ffff00009cd9cf30 x27: ffff00009cd9cc00\n[   48.351544] x26: ffff000099610190 x25: ffffa31d2f19c810 x24: ffffa31d2f185098\n[   48.358869] x23: ffff800084ddb7f8 x22: 0000000000000000 x21: 00000000000000d0\n[   48.366198] x20: ffff00009ba6c338 x19: ffff00009ba6c338 x18: 00000000ffffffff\n[   48.373528] x17: 000000040044ffff x16: ffffa31d4ae6dca8 x15: 072007740775076f\n[   48.380853] x14: 0765076d07690774 x13: 00313a323a656369 x12: 767265733a637673\n[   48.388182] x11: 00000000000003f9 x10: ffffa31d4c7dea98 x9 : 0000000000000001\n[   48.395519] x8 : ffff00009a2aadc0 x7 : 0000000000000003 x6 : 0000000000000000\n[   48.402854] x5 : 0000000000000\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0da170b9e600da6930cfb8352e4cc036db3b6159","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22b05abb17e3c6ef45035141fe3d26f815ff9d30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/897f32cab7945f4662a50b3841ba31c6c3204876","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94bda21adb2a51f69366b847b4d80dfe50bd9fb9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8e9cab16771b15160465783507496dc83742d8e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6db827b430bdcca3976cebca7bd69cca03cde2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43413","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:53.193","lastModified":"2026-05-21T18:10:24.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix NULL pointer exception during user_scan()\n\nuser_scan() invokes updated sas_user_scan() for channel 0, and if\nsuccessful, iteratively scans remaining channels (1 to shost->max_channel)\nvia scsi_scan_host_selected() in commit 37c4e72b0651 (\"scsi: Fix\nsas_user_scan() to handle wildcard and multi-channel scans\"). However,\nhisi_sas supports only one channel, and the current value of max_channel is\n1. sas_user_scan() for channel 1 will trigger the following NULL pointer\nexception:\n\n[  441.554662] Unable to handle kernel NULL pointer dereference at virtual address 00000000000008b0\n[  441.554699] Mem abort info:\n[  441.554710]   ESR = 0x0000000096000004\n[  441.554718]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  441.554723]   SET = 0, FnV = 0\n[  441.554726]   EA = 0, S1PTW = 0\n[  441.554730]   FSC = 0x04: level 0 translation fault\n[  441.554735] Data abort info:\n[  441.554737]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[  441.554742]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[  441.554747]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  441.554752] user pgtable: 4k pages, 48-bit VAs, pgdp=00000828377a6000\n[  441.554757] [00000000000008b0] pgd=0000000000000000, p4d=0000000000000000\n[  441.554769] Internal error: Oops: 0000000096000004 [#1]  SMP\n[  441.629589] Modules linked in: arm_spe_pmu arm_smmuv3_pmu tpm_tis_spi hisi_uncore_sllc_pmu hisi_uncore_pa_pmu hisi_uncore_l3c_pmu hisi_uncore_hha_pmu hisi_uncore_ddrc_pmu hisi_uncore_cpa_pmu hns3_pmu hisi_ptt hisi_pcie_pmu tpm_tis_core spidev spi_hisi_sfc_v3xx hisi_uncore_pmu spi_dw_mmio fuse hclge hclge_common hisi_sec2 hisi_hpre hisi_zip hisi_qm hns3 hisi_sas_v3_hw sm3_ce sbsa_gwdt hnae3 hisi_sas_main uacce hisi_dma i2c_hisi dm_mirror dm_region_hash dm_log dm_mod\n[  441.670819] CPU: 46 UID: 0 PID: 6994 Comm: bash Kdump: loaded Not tainted 7.0.0-rc2+ #84 PREEMPT\n[  441.691327] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[  441.698277] pc : sas_find_dev_by_rphy+0x44/0x118\n[  441.702896] lr : sas_find_dev_by_rphy+0x3c/0x118\n[  441.707502] sp : ffff80009abbba40\n[  441.710805] x29: ffff80009abbba40 x28: ffff082819a40008 x27: ffff082810c37c08\n[  441.717930] x26: ffff082810c37c28 x25: ffff082819a40290 x24: ffff082810c37c00\n[  441.725054] x23: 0000000000000000 x22: 0000000000000001 x21: ffff082819a40000\n[  441.732179] x20: ffff082819a40290 x19: 0000000000000000 x18: 0000000000000020\n[  441.739304] x17: 0000000000000000 x16: ffffb5dad6bda690 x15: 00000000ffffffff\n[  441.746428] x14: ffff082814c3b26c x13: 00000000ffffffff x12: ffff082814c3b26a\n[  441.753553] x11: 00000000000000c0 x10: 000000000000003a x9 : ffffb5dad5ea94f4\n[  441.760678] x8 : 000000000000003a x7 : ffff80009abbbab0 x6 : 0000000000000030\n[  441.767802] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n[  441.774926] x2 : ffff08280f35a300 x1 : ffffb5dad7127180 x0 : 0000000000000000\n[  441.782053] Call trace:\n[  441.784488]  sas_find_dev_by_rphy+0x44/0x118 (P)\n[  441.789095]  sas_target_alloc+0x24/0xb0\n[  441.792920]  scsi_alloc_target+0x290/0x330\n[  441.797010]  __scsi_scan_target+0x88/0x258\n[  441.801096]  scsi_scan_channel+0x74/0xb8\n[  441.805008]  scsi_scan_host_selected+0x170/0x188\n[  441.809615]  sas_user_scan+0xfc/0x148\n[  441.813267]  store_scan+0x10c/0x180\n[  441.816743]  dev_attr_store+0x20/0x40\n[  441.820398]  sysfs_kf_write+0x84/0xa8\n[  441.824054]  kernfs_fop_write_iter+0x130/0x1c8\n[  441.828487]  vfs_write+0x2c0/0x370\n[  441.831880]  ksys_write+0x74/0x118\n[  441.835271]  __arm64_sys_write+0x24/0x38\n[  441.839182]  invoke_syscall+0x50/0x120\n[  441.842919]  el0_svc_common.constprop.0+0xc8/0xf0\n[  441.847611]  do_el0_svc+0x24/0x38\n[  441.850913]  el0_svc+0x38/0x158\n[  441.854043]  el0t_64_sync_handler+0xa0/0xe8\n[  441.858214]  el0t_64_sync+0x1ac/0x1b0\n[  441.861865] Code: aa1303e0 97ff70a8 34ffff80 d10a4273 (f9445a75)\n[  441.867946] ---[ end trace 0000000000000000 ]---\n\nTherefore\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.6.130","matchCriteriaId":"E509E962-6409-4077-ADC5-35FA47545959"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21a13db8d449b9c7eda4471da7f12417602dbbc7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/40119a21d9769bf8fdab5c93c6c878296e628abf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70c78429ef383e35f9c58848994aeeac8083ae35","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8ddc0c26916574395447ebf4cff684314f6873a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/beadac156610a4f3bb15cb7bb4b07b6ac06f6567","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43415","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:53.477","lastModified":"2026-05-21T18:08:58.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend\n\nIn __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel\nthe UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op,\nPOST_CHANGE). This creates a race condition where ufshcd_rtc_work() can\nstill be running while ufshcd_vops_suspend() is executing. When\nUFSHCD_CAP_CLK_GATING is not supported, the condition\n!hba->clk_gating.active_reqs is always true, causing ufshcd_update_rtc()\nto be executed. Since ufshcd_vops_suspend() typically performs clock\ngating operations, executing ufshcd_update_rtc() at that moment triggers\nan SError. The kernel panic trace is as follows:\n\nKernel panic - not syncing: Asynchronous SError Interrupt\nCall trace:\n dump_backtrace+0xec/0x128\n show_stack+0x18/0x28\n dump_stack_lvl+0x40/0xa0\n dump_stack+0x18/0x24\n panic+0x148/0x374\n nmi_panic+0x3c/0x8c\n arm64_serror_panic+0x64/0x8c\n do_serror+0xc4/0xc8\n el1h_64_error_handler+0x34/0x4c\n el1h_64_error+0x68/0x6c\n el1_interrupt+0x20/0x58\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x68/0x6c\n ktime_get+0xc4/0x12c\n ufshcd_mcq_sq_stop+0x4c/0xec\n ufshcd_mcq_sq_cleanup+0x64/0x1dc\n ufshcd_clear_cmd+0x38/0x134\n ufshcd_issue_dev_cmd+0x298/0x4d0\n ufshcd_exec_dev_cmd+0x1a4/0x1c4\n ufshcd_query_attr+0xbc/0x19c\n ufshcd_rtc_work+0x10c/0x1c8\n process_scheduled_works+0x1c4/0x45c\n worker_thread+0x32c/0x3e8\n kthread+0x120/0x1d8\n ret_from_fork+0x10/0x20\n\nFix this by moving cancel_delayed_work_sync() before the call to\nufshcd_vops_suspend(hba, pm_op, PRE_CHANGE), ensuring the UFS RTC work is\nfully completed or cancelled at that point."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.81","versionEndExcluding":"6.6.130","matchCriteriaId":"74A28D39-502E-4EF7-8DB1-4FB879892C9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.78","matchCriteriaId":"70EDBB86-A33A-44D8-BF14-B806E56D3529"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2fcc2fc21cae7a0cbe73053f7fc70680ce2a7f69","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6a894413b043704b77a6294c379c93b1477e48d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0bd84c39289ef6a6c3827dd52c875659291970a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b17211b512cbf0e07de27e1932428ee6c20df910","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c387a8f1d3713f6b0415ece8485042d0f134b91a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43436","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:55.930","lastModified":"2026-05-21T17:43:14.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces\n\nThe Scarlett2 mixer quirk in USB-audio driver may hit a NULL\ndereference when a malformed USB descriptor is passed, since it\nassumes the presence of an endpoint in the parsed interface in\nscarlett2_find_fc_interface(), as reported by fuzzer.\n\nFor avoiding the NULL dereference, just add the sanity check of\nbNumEndpoints and skip the invalid interface."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.1.167","matchCriteriaId":"F1B70725-A100-4D42-ACBF-5F4D2909497E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3d4f23885e4b90347c9a1d779af6e79a99b5172a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d542cf3c4c854cdf5d58049771f68926b9eb2b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b014cc945baba75816cda0cf8934be87c9ed4947","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b267255c15d2a5b90c4e926146aa155e5161e264","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5c5a6c53cf3b658f1d4512dfa61f3cd25bc34ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/df1d8abf36ca3681c21a6809eaa9a1e01ef897a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43437","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.037","lastModified":"2026-05-21T17:41:41.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()\n\nIn the drain loop, the local variable 'runtime' is reassigned to a\nlinked stream's runtime (runtime = s->runtime at line 2157).  After\nreleasing the stream lock at line 2169, the code accesses\nruntime->no_period_wakeup, runtime->rate, and runtime->buffer_size\n(lines 2170-2178) — all referencing the linked stream's runtime without\nany lock or refcount protecting its lifetime.\n\nA concurrent close() on the linked stream's fd triggers\nsnd_pcm_release_substream() → snd_pcm_drop() → pcm_release_private()\n→ snd_pcm_unlink() → snd_pcm_detach_substream() → kfree(runtime).\nNo synchronization prevents kfree(runtime) from completing while the\ndrain path dereferences the stale pointer.\n\nFix by caching the needed runtime fields (no_period_wakeup, rate,\nbuffer_size) into local variables while still holding the stream lock,\nand using the cached values after the lock is released."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.10.253","matchCriteriaId":"4EA1E395-3D36-46C1-A53B-5DC1BFA1D52E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.167","matchCriteriaId":"56D62904-7C85-4BED-9EC0-3982B880F72D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4a758e9a1f5ed722f83c4dd35f867fe811553bcb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/629cf09464cf98670996ea5c191dc9743e6f3f00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b1dbd69ba6f8f8c69bc7b77c2ce3b9c6ed05ba6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9baee36e8c5443411c4629afabafaff8a46a23fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae8f8d30d334bad5b1b3cdb1eb8a0b771f55e432","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2f64e05a0587a83ec42dbd6b7a7ded79b2ff694","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc71f888994569f87d5bee20b1ac6c9c1e3a7a79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43438","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.160","lastModified":"2026-05-21T17:28:08.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Remove redundant css_put() in scx_cgroup_init()\n\nThe iterator css_for_each_descendant_pre() walks the cgroup hierarchy\nunder cgroup_lock(). It does not increment the reference counts on\nyielded css structs.\n\nAccording to the cgroup documentation, css_put() should only be used\nto release a reference obtained via css_get() or css_tryget_online().\nSince the iterator does not use either of these to acquire a reference,\ncalling css_put() in the error path of scx_cgroup_init() causes a\nrefcount underflow.\n\nRemove the unbalanced css_put() to prevent a potential Use-After-Free\n(UAF) vulnerability."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.78","matchCriteriaId":"CF16B1DB-0D79-4F76-8B3C-57C79AB99F70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1336b579f6079fb8520be03624fcd9ba443c930b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6eaaa67d6998f6c30c462b140db8c062e07ec473","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf50f3285eda8a0173625fcdb5f183f96e1008cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc095cd305fddbe25a968e4a78436ff9476cf0f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43439","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.263","lastModified":"2026-05-21T17:26:45.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: fix race between task migration and iteration\n\nWhen a task is migrated out of a css_set, cgroup_migrate_add_task()\nfirst moves it from cset->tasks to cset->mg_tasks via:\n\n    list_move_tail(&task->cg_list, &cset->mg_tasks);\n\nIf a css_task_iter currently has it->task_pos pointing to this task,\ncss_set_move_task() calls css_task_iter_skip() to keep the iterator\nvalid. However, since the task has already been moved to ->mg_tasks,\nthe iterator is advanced relative to the mg_tasks list instead of the\noriginal tasks list. As a result, remaining tasks on cset->tasks, as\nwell as tasks queued on cset->mg_tasks, can be skipped by iteration.\n\nFix this by calling css_set_skip_task_iters() before unlinking\ntask->cg_list from cset->tasks. This advances all active iterators to\nthe next task on cset->tasks, so iteration continues correctly even\nwhen a task is concurrently being migrated.\n\nThis race is hard to hit in practice without instrumentation, but it\ncan be reproduced by artificially slowing down cgroup_procs_show().\nFor example, on an Android device a temporary\n/sys/kernel/cgroup/cgroup_test knob can be added to inject a delay\ninto cgroup_procs_show(), and then:\n\n  1) Spawn three long-running tasks (PIDs 101, 102, 103).\n  2) Create a test cgroup and move the tasks into it.\n  3) Enable a large delay via /sys/kernel/cgroup/cgroup_test.\n  4) In one shell, read cgroup.procs from the test cgroup.\n  5) Within the delay window, in another shell migrate PID 102 by\n     writing it to a different cgroup.procs file.\n\nUnder this setup, cgroup.procs can intermittently show only PID 101\nwhile skipping PID 103. Once the migration completes, reading the\nfile again shows all tasks as expected.\n\nNote that this change does not allow removing the existing\ncss_set_skip_task_iters() call in css_set_move_task(). The new call\nin cgroup_migrate_add_task() only handles iterators that are racing\nwith migration while the task is still on cset->tasks. Iterators may\nalso start after the task has been moved to cset->mg_tasks. If we\ndropped css_set_skip_task_iters() from css_set_move_task(), such\niterators could keep task_pos pointing to a migrating task, causing\ncss_task_iter_advance() to malfunction on the destination css_set,\nup to and including crashes or infinite loops.\n\nThe race window between migration and iteration is very small, and\ncss_task_iter is not on a hot path. In the worst case, when an\niterator is positioned on the first thread of the migrating process,\ncgroup_migrate_add_task() may have to skip multiple tasks via\ncss_set_skip_task_iters(). However, this only happens when migration\nand iteration actually race, so the performance impact is negligible\ncompared to the correctness fix provided here."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.138","versionEndExcluding":"4.15","matchCriteriaId":"78CA4E3F-334F-491E-ADB6-3C747B08A8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.66","versionEndExcluding":"4.20","matchCriteriaId":"B7E77755-6955-4016-B730-47CF831C8F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.1","versionEndExcluding":"5.10.253","matchCriteriaId":"65130A9E-8E4F-498E-8BBC-19CCD46BBEDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.2:-:*:*:*:*:*:*","matchCriteriaId":"76B232EC-BD47-422E-A130-E167DCA55D88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.2:rc5:*:*:*:*:*:*","matchCriteriaId":"07DDFA29-5893-4B0D-BD66-326DC5D4BE4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.2:rc6:*:*:*:*:*:*","matchCriteriaId":"4C3DC01D-8A16-42EB-8B3D-D170507ABDF2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.2:rc7:*:*:*:*:*:*","matchCriteriaId":"5D0F8E59-A7FA-4BD7-89C3-4C4DCF11D8C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3b95abab7369235a37b15eaec6e1a0b443bba7c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3dfd1328c05234e8d8fa61948b2ba82680594988","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a9654a2b46cfdaae287fb8995f536245635e467","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5ee01f1a7343d6a3547b6802ca2d4cdce0edacb1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c85debc35e6d131bd29c64f2ae78c6ede0e55c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86ceaccfdfa16dad05addb33dc206e03589bcfd1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9cca530c7cc1b3e02cb8fa7f80060dd4b38562ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9dc76f6fc0d28d2382583715bc4ec22f28104845","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43440","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.420","lastModified":"2026-05-21T17:18:44.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mana: Null service_wq on setup error to prevent double destroy\n\nIn mana_gd_setup() error path, set gc->service_wq to NULL after\ndestroy_workqueue() to match the cleanup in mana_gd_cleanup().\nThis prevents a use-after-free if the workqueue pointer is checked\nafter a failed setup."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.16","versionEndExcluding":"6.18.19","matchCriteriaId":"0CED11FB-4FAA-4224-93EC-23FC2358D4C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.6","versionEndExcluding":"6.19.9","matchCriteriaId":"2CFC1CE8-19E1-4AFC-BF52-43BDD2561EE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/59489ce60d7412ed82fb1d8002faa3102dcd4916","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c92392602b451e3869f15ab685f8f650e942b13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87c2302813abc55c46485711a678e3c312b00666","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43441","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.523","lastModified":"2026-05-21T17:16:14.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If bonding ARP/NS validation is enabled, an IPv6\nNS/NA packet received on a slave can reach bond_validate_na(), which\ncalls bond_has_this_ip6(). That path calls ipv6_chk_addr() and can\ncrash in __ipv6_chk_addr_and_flags().\n\n BUG: kernel NULL pointer dereference, address: 00000000000005d8\n Oops: Oops: 0000 [#1] SMP NOPTI\n RIP: 0010:__ipv6_chk_addr_and_flags+0x69/0x170\n Call Trace:\n  <IRQ>\n  ipv6_chk_addr+0x1f/0x30\n  bond_validate_na+0x12e/0x1d0 [bonding]\n  ? __pfx_bond_handle_frame+0x10/0x10 [bonding]\n  bond_rcv_validate+0x1a0/0x450 [bonding]\n  bond_handle_frame+0x5e/0x290 [bonding]\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  __netif_receive_skb_core.constprop.0+0x3e8/0xe50\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? update_cfs_rq_load_avg+0x1a/0x240\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? __enqueue_entity+0x5e/0x240\n  __netif_receive_skb_one_core+0x39/0xa0\n  process_backlog+0x9c/0x150\n  __napi_poll+0x30/0x200\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  net_rx_action+0x338/0x3b0\n  handle_softirqs+0xc9/0x2a0\n  do_softirq+0x42/0x60\n  </IRQ>\n  <TASK>\n  __local_bh_enable_ip+0x62/0x70\n  __dev_queue_xmit+0x2d3/0x1000\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? packet_parse_headers+0x10a/0x1a0\n  packet_sendmsg+0x10da/0x1700\n  ? kick_pool+0x5f/0x140\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? __queue_work+0x12d/0x4f0\n  __sys_sendto+0x1f3/0x220\n  __x64_sys_sendto+0x24/0x30\n  do_syscall_64+0x101/0xf80\n  ? exc_page_fault+0x6e/0x170\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  </TASK>\n\nFix this by checking ipv6_mod_enabled() before dispatching IPv6 packets to\nbond_na_rcv(). If IPv6 is disabled, return early from bond_rcv_validate()\nand avoid the path to ipv6_chk_addr()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.167","matchCriteriaId":"25D24035-467E-4E84-987E-DA8067ECEAC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/30021e969d48e5819d5ae56936c2f34c0f7ce997","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/49dbfcb70eca5f6f9043594e1e323c74c39e3863","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95faa1459b83fa544191e82ccc73856f03b7741f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c78f01abe535853f13f0b26cd5b1d2f19bf52e2f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9c238066fb254dabf65e27379f93c56112c5b96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf6099ef493b94e140b0fad52482a78853115318","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43442","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.663","lastModified":"2026-05-21T17:10:51.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops\n\nWhen IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQARRAY,\nthe boundary check for 128-byte SQE operations in io_init_req()\nvalidated the logical SQ head position rather than the physical SQE\nindex.\n\nThe existing check:\n\n  !(ctx->cached_sq_head & (ctx->sq_entries - 1))\n\nensures the logical position isn't at the end of the ring, which is\ncorrect for NO_SQARRAY rings where physical == logical. However, when\nsq_array is present, an unprivileged user can remap any logical\nposition to an arbitrary physical index via sq_array. Setting\nsq_array[N] = sq_entries - 1 places a 128-byte operation at the last\nphysical SQE slot, causing the 128-byte memcpy in\nio_uring_cmd_sqe_copy() to read 64 bytes past the end of the SQE\narray.\n\nReplace the cached_sq_head alignment check with a direct validation\nof the physical SQE index, which correctly handles both sq_array and\nNO_SQARRAY cases."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1f794f9bed3e5cf7250a3b4daf112a72ed1513e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f02c6b196036dbb6defb4647d8707d29b7fe95b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43443","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.780","lastModified":"2026-05-21T17:09:16.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp-mach-common: Add missing error check for clock acquisition\n\nThe acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not\ncheck the return values of clk_get(). This could lead to a kernel crash\nwhen the invalid pointers are later dereferenced by clock core\nfunctions.\n\nFix this by:\n1. Changing clk_get() to the device-managed devm_clk_get().\n2. Adding IS_ERR() checks immediately after each clock acquisition."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.19.9","matchCriteriaId":"72993C68-4B53-4F53-8505-6A00D983861D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0cee68fb7f4cf1562e067c5a82d25062a973b0d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30c64fb9839949f085c8eb55b979cbd8a4c51f00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43444","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.883","lastModified":"2026-05-21T17:08:15.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Unreserve bo if queue update failed\n\nError handling path should unreserve bo then return failed.\n\n(cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.78","matchCriteriaId":"CF16B1DB-0D79-4F76-8B3C-57C79AB99F70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2ce75a0b7e1bfddbcb9bc8aeb2e5e7fa99971acf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/529c985da1b277b36dc99aad660f96dc70f3c467","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/781110700ada22168fbb490dd61432d23a17a5b4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2b7742c465c8e3b36dc325a48abb4b9f2aaa38b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43445","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:56.983","lastModified":"2026-05-21T16:38:08.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ne1000/e1000e: Fix leak in DMA error cleanup\n\nIf an error is encountered while mapping TX buffers, the driver should\nunmap any buffers already mapped for that skb.\n\nBecause count is incremented after a successful mapping, it will always\nmatch the correct number of unmappings needed when dma_error is reached.\nDecrementing count before the while loop in dma_error causes an\noff-by-one error. If any mapping was successful before an unsuccessful\nmapping, exactly one DMA mapping would leak.\n\nIn these commits, a faulty while condition caused an infinite loop in\ndma_error:\nCommit 03b1320dfcee (\"e1000e: remove use of skb_dma_map from e1000e\ndriver\")\nCommit 602c0554d7b0 (\"e1000: remove use of skb_dma_map from e1000 driver\")\n\nCommit c1fa347f20f1 (\"e1000/e1000e/igb/igbvf/ixgb/ixgbe: Fix tests of\nunsigned in *_tx_map()\") fixed the infinite loop, but introduced the\noff-by-one error.\n\nThis issue may still exist in the igbvf driver, but I did not address it\nin this patch."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.33.1","versionEndExcluding":"5.10.253","matchCriteriaId":"9AAED072-B61B-4439-8F12-1FDA964D59DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.33:-:*:*:*:*:*:*","matchCriteriaId":"EF818826-D9F2-42F9-9638-9609513561A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.33:rc6:*:*:*:*:*:*","matchCriteriaId":"B220EA3F-55B3-4B6E-8285-B28ADEF50138"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.33:rc7:*:*:*:*:*:*","matchCriteriaId":"C61AB348-ACF4-4F88-AC9D-BEC63B76399C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.33:rc8:*:*:*:*:*:*","matchCriteriaId":"C3AFD58E-A261-4398-BA11-B62A091261F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0606c24a745bafd1be5d66c48361638cd9cad74b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0a1fc25deabab4efce64610e3c449485c4fa8f5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/10b5e65959e955a1c8894e0a5413944b5a70204a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30e87ade8d678c25a8546cf38c0b498fa5cb27d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/519051c711dfd239ef6e4b28878efee400a035f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7eaeb778bfaa3b2a804f89321c234d59c74569db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e94eaef11142b01f77bf8ba4d0b59720b7858109","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa5ba9867a55e640df0dc79bf0199770fb043f03","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43446","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.113","lastModified":"2026-05-21T17:03:45.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix runtime suspend deadlock when there is pending job\n\nThe runtime suspend callback drains the running job workqueue before\nsuspending the device. If a job is still executing and calls\npm_runtime_resume_and_get(), it can deadlock with the runtime suspend\npath.\n\nFix this by moving pm_runtime_resume_and_get() from the job execution\nroutine to the job submission routine, ensuring the device is resumed\nbefore the job is queued and avoiding the deadlock during runtime\nsuspend."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6b13cb8f48a42ddf6dd98865b673a82e37ff238b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac72e7385a2c7533dd766de4197134d96230be85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43447","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.217","lastModified":"2026-05-21T17:02:04.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix PTP use-after-free during reset\n\nCommit 7c01dbfc8a1c5f (\"iavf: periodically cache PHC time\") introduced a\nworker to cache PHC time, but failed to stop it during reset or disable.\n\nThis creates a race condition where `iavf_reset_task()` or\n`iavf_disable_vf()` free adapter resources (AQ) while the worker is still\nrunning. If the worker triggers `iavf_queue_ptp_cmd()` during teardown, it\naccesses freed memory/locks, leading to a crash.\n\nFix this by calling `iavf_ptp_release()` before tearing down the adapter.\nThis ensures `ptp_clock_unregister()` synchronously cancels the worker and\ncleans up the chardev before the backing resources are destroyed."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.19","matchCriteriaId":"D6461E17-9936-4679-8F97-568871A6FBE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1b034f2429ce6b45ce74dc266175d277acafc5c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90cc8b2add29b57288025b51c70bc647e7cccb12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/efc54fb13d79117a825fef17364315a58682c7ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43448","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.323","lastModified":"2026-05-21T17:00:53.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: Fix race bug in nvme_poll_irqdisable()\n\nIn the following scenario, pdev can be disabled between (1) and (3) by\n(2). This sets pdev->msix_enabled = 0. Then, pci_irq_vector() will\nreturn MSI-X IRQ(>15) for (1) whereas return INTx IRQ(<=15) for (2).\nThis causes IRQ warning because it tries to enable INTx IRQ that has\nnever been disabled before.\n\nTo fix this, save IRQ number into a local variable and ensure\ndisable_irq() and enable_irq() operate on the same IRQ number.  Even if\npci_free_irq_vectors() frees the IRQ concurrently, disable_irq() and\nenable_irq() on a stale IRQ number is still valid and safe, and the\ndepth accounting reamins balanced.\n\ntask 1:\nnvme_poll_irqdisable()\n  disable_irq(pci_irq_vector(pdev, nvmeq->cq_vector)) ...(1)\n  enable_irq(pci_irq_vector(pdev, nvmeq->cq_vector))  ...(3)\n\ntask 2:\nnvme_reset_work()\n  nvme_dev_disable()\n    pdev->msix_enable = 0;  ...(2)\n\ncrash log:\n\n------------[ cut here ]------------\nUnbalanced enable for IRQ 10\nWARNING: kernel/irq/manage.c:753 at __enable_irq+0x102/0x190 kernel/irq/manage.c:753, CPU#1: kworker/1:0H/26\nModules linked in:\nCPU: 1 UID: 0 PID: 26 Comm: kworker/1:0H Not tainted 6.19.0-dirty #9 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: kblockd blk_mq_timeout_work\nRIP: 0010:__enable_irq+0x107/0x190 kernel/irq/manage.c:753\nCode: ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 79 48 8d 3d 2e 7a 3f 05 41 8b 74 24 2c <67> 48 0f b9 3a e8 ef b9 21 00 5b 41 5c 5d e9 46 54 66 03 e8 e1 b9\nRSP: 0018:ffffc900001bf550 EFLAGS: 00010046\nRAX: 0000000000000007 RBX: 0000000000000000 RCX: ffffffffb20c0e90\nRDX: 0000000000000000 RSI: 000000000000000a RDI: ffffffffb74b88f0\nRBP: ffffc900001bf560 R08: ffff88800197cf00 R09: 0000000000000001\nR10: 0000000000000003 R11: 0000000000000003 R12: ffff8880012a6000\nR13: 1ffff92000037eae R14: 000000000000000a R15: 0000000000000293\nFS:  0000000000000000(0000) GS:ffff8880b49f7000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000555da4a25fa8 CR3: 00000000208e8000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n enable_irq+0x121/0x1e0 kernel/irq/manage.c:797\n nvme_poll_irqdisable+0x162/0x1c0 drivers/nvme/host/pci.c:1494\n nvme_timeout+0x965/0x14b0 drivers/nvme/host/pci.c:1744\n blk_mq_rq_timed_out block/blk-mq.c:1653 [inline]\n blk_mq_handle_expired+0x227/0x2d0 block/blk-mq.c:1721\n bt_iter+0x2fc/0x3a0 block/blk-mq-tag.c:292\n __sbitmap_for_each_set include/linux/sbitmap.h:269 [inline]\n sbitmap_for_each_set include/linux/sbitmap.h:290 [inline]\n bt_for_each block/blk-mq-tag.c:324 [inline]\n blk_mq_queue_tag_busy_iter+0x969/0x1e80 block/blk-mq-tag.c:536\n blk_mq_timeout_work+0x627/0x870 block/blk-mq.c:1763\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n </TASK>\nirq event stamp: 74478\nhardirqs last  enabled at (74477): [<ffffffffb5720a9c>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]\nhardirqs last  enabled at (74477): [<ffffffffb5720a9c>] _raw_spin_unlock_irq+0x2c/0x60 kernel/locking/spinlock.c:202\nhardirqs last disabled at (74478): [<ffffffffb57207b5>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]\nhardirqs last disabled at (74478): [<ffffffffb57207b5>] _raw_spin_lock_irqsave+0x85/0xa0 kernel/locking/spinlock.c:162\nsoftirqs last  enabled at (74304): [<ffffffffb1e9466c>] __do_softirq kernel/softirq.c:656 [inline]\nsoftirqs last  enabled at (74304): [<ffffffffb1e9466c>] invoke_softirq kernel/softirq.c:496 [inline]\nsoftirqs last  enabled at (74304): [<ffffffffb1e9466c>] __irq_exit_rcu+0xdc/0x120\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.1.167","matchCriteriaId":"B5CE982A-7BCF-4A25-8247-C00806377AA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/265dbc9bc33c29f60f90be3e0afe1c4067ebb70b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/628773eba024d1107cc9ec157a682cbb42ac912a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/843e913cef4e33723663a899727f685a95ab53fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b56c49897bdac5cb49e3495ef421c391628ee9bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e311d84c62eb76e025e11a44155b402e55950b83","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc71f409b22ca831a9f87a2712eaa09ef2bb4a5e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43449","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.477","lastModified":"2026-05-21T16:59:20.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set\n\ndev->online_queues is a count incremented in nvme_init_queue. Thus,\nvalid indices are 0 through dev->online_queues − 1.\n\nThis patch fixes the loop condition to ensure the index stays within the\nvalid range. Index 0 is excluded because it is the admin queue.\n\nKASAN splat:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\nRead of size 2 at addr ffff88800592a574 by task kworker/u8:5/74\n\nCPU: 0 UID: 0 PID: 74 Comm: kworker/u8:5 Not tainted 6.19.0-dirty #10 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: nvme-reset-wq nvme_reset_work\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xea/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xce/0x5d0 mm/kasan/report.c:482\n kasan_report+0xdc/0x110 mm/kasan/report.c:595\n __asan_report_load2_noabort+0x18/0x20 mm/kasan/report_generic.c:379\n nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\n nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\n nvme_reset_work+0x36b/0x8c0 drivers/nvme/host/pci.c:3252\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n </TASK>\n\nAllocated by task 34 on cpu 1 at 4.241550s:\n kasan_save_stack+0x2c/0x60 mm/kasan/common.c:57\n kasan_save_track+0x1c/0x70 mm/kasan/common.c:78\n kasan_save_alloc_info+0x3c/0x50 mm/kasan/generic.c:570\n poison_kmalloc_redzone mm/kasan/common.c:398 [inline]\n __kasan_kmalloc+0xb5/0xc0 mm/kasan/common.c:415\n kasan_kmalloc include/linux/kasan.h:263 [inline]\n __do_kmalloc_node mm/slub.c:5657 [inline]\n __kmalloc_node_noprof+0x2bf/0x8d0 mm/slub.c:5663\n kmalloc_array_node_noprof include/linux/slab.h:1075 [inline]\n nvme_pci_alloc_dev drivers/nvme/host/pci.c:3479 [inline]\n nvme_probe+0x2f1/0x1820 drivers/nvme/host/pci.c:3534\n local_pci_probe+0xef/0x1c0 drivers/pci/pci-driver.c:324\n pci_call_probe drivers/pci/pci-driver.c:392 [inline]\n __pci_device_probe drivers/pci/pci-driver.c:417 [inline]\n pci_device_probe+0x743/0x920 drivers/pci/pci-driver.c:451\n call_driver_probe drivers/base/dd.c:583 [inline]\n really_probe+0x29b/0xb70 drivers/base/dd.c:661\n __driver_probe_device+0x3b0/0x4a0 drivers/base/dd.c:803\n driver_probe_device+0x56/0x1f0 drivers/base/dd.c:833\n __driver_attach_async_helper+0x155/0x340 drivers/base/dd.c:1159\n async_run_entry_fn+0xa6/0x4b0 kernel/async.c:129\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nThe buggy address belongs to the object at ffff88800592a000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 244 bytes to the right of\n allocated 1152-byte region [ffff88800592a000, ffff88800592a480)\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5928\nhead: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0xfffffc0000040(head|node=0|zone=1|lastcpupid=0x1fffff)\npage_type: f5(slab)\nraw: 000fffffc0000040 ffff888001042000 0000000000000000 dead000000000001\nraw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000\nhead: 000fffffc0000040 ffff888001042000 00000\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.210","versionEndExcluding":"4.15","matchCriteriaId":"8850B628-46E3-4E83-8136-9AFC8965A13E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.161","versionEndExcluding":"4.20","matchCriteriaId":"368AA3A3-6A4A-492B-99FB-E804FFEBF173"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.81","versionEndExcluding":"5.5","matchCriteriaId":"71E14FFC-F203-4E2A-81C4-D67CF14E2327"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.12","versionEndExcluding":"5.10","matchCriteriaId":"7D05D36D-2D49-4012-BD61-E167762C92E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.1","versionEndExcluding":"5.10.253","matchCriteriaId":"B87BA2E9-4271-421C-B198-37987F5E3B98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*","matchCriteriaId":"B29EBB93-107F-4ED6-8DE3-C2732BC659C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc5:*:*:*:*:*:*","matchCriteriaId":"F0390D83-6C17-4557-BE8D-B659E04F565A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc6:*:*:*:*:*:*","matchCriteriaId":"4120E4B3-B66D-4ACE-8570-1DD4DF20A324"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10:rc7:*:*:*:*:*:*","matchCriteriaId":"73D60343-647D-4B5D-AA6D-CE87C462E368"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b9d605c3f0d3262142f196249cd3bd58c857c71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/328c551f0cc81ee776b186b86cc6e5253bb6fda7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50bad78f03a02d3c0f228edf9912b494d3e7acb9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78279d2d74c58a0ed64e43cf601a02649771182e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83e6edd6358326c9c2de31a54bb4a1ec50703f1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86183d550559e45e07059bbdf17331fea469e38c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4e78f1427c7d6859229ae9616df54e1fc05a516","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7990c936e25f484b61a5adeeadc1d290a9fd16e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43450","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.643","lastModified":"2026-05-21T16:57:23.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()\n\nnfnl_cthelper_dump_table() has a 'goto restart' that jumps to a label\ninside the for loop body.  When the \"last\" helper saved in cb->args[1]\nis deleted between dump rounds, every entry fails the (cur != last)\ncheck, so cb->args[1] is never cleared.  The for loop finishes with\ncb->args[0] == nf_ct_helper_hsize, and the 'goto restart' jumps back\ninto the loop body bypassing the bounds check, causing an 8-byte\nout-of-bounds read on nf_ct_helper_hash[nf_ct_helper_hsize].\n\nThe 'goto restart' block was meant to re-traverse the current bucket\nwhen \"last\" is no longer found, but it was placed after the for loop\ninstead of inside it.  Move the block into the for loop body so that\nthe restart only occurs while cb->args[0] is still within bounds.\n\n BUG: KASAN: slab-out-of-bounds in nfnl_cthelper_dump_table+0x9f/0x1b0\n Read of size 8 at addr ffff888104ca3000 by task poc_cthelper/131\n Call Trace:\n  nfnl_cthelper_dump_table+0x9f/0x1b0\n  netlink_dump+0x333/0x880\n  netlink_recvmsg+0x3e2/0x4b0\n  sock_recvmsg+0xde/0xf0\n  __sys_recvfrom+0x150/0x200\n  __x64_sys_recvfrom+0x76/0x90\n  do_syscall_64+0xc3/0x6e0\n\n Allocated by task 1:\n  __kvmalloc_node_noprof+0x21b/0x700\n  nf_ct_alloc_hashtable+0x65/0xd0\n  nf_conntrack_helper_init+0x21/0x60\n  nf_conntrack_init_start+0x18d/0x300\n  nf_conntrack_standalone_init+0x12/0xc0"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.253","matchCriteriaId":"B1E56B8D-E2CC-46E7-96DE-E547DE8E1A45"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05018cd9370f77bb18fbf6e15ff33c7a06f10b3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0605e1985a95d4334a67869aee45a47e82301abf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3cc328ffc32ddb389cba7b78b6aa95d995c2876e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a1f6ee69267a5f524102c028981410eeacfa3da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/61b3a1f8621df1a5928118313f133996f6a786db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6dcee8496d53165b2d8a5909b3050b62ae71fe89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/894c5780ddadd5fde0e16f66587918e6be1504c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/92441f6d9405a0c18d03f278b395e782f79a4a30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43451","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.773","lastModified":"2026-05-21T16:55:59.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: fix entry leak in bridge verdict error path\n\nnfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue\nentry from the queue data structures, taking ownership of the entry.\nFor PF_BRIDGE packets, it then calls nfqa_parse_bridge() to parse VLAN\nattributes.  If nfqa_parse_bridge() returns an error (e.g. NFQA_VLAN\npresent but NFQA_VLAN_TCI missing), the function returns immediately\nwithout freeing the dequeued entry or its sk_buff.\n\nThis leaks the nf_queue_entry, its associated sk_buff, and all held\nreferences (net_device refcounts, struct net refcount).  Repeated\ntriggering exhausts kernel memory.\n\nFix this by dropping the entry via nfqnl_reinject() with NF_DROP verdict\non the error path, consistent with other error handling in this file."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.253","matchCriteriaId":"ECAE2C71-1F96-4C4B-95AA-E231486990AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b18d1b834ab5a5009be70b530f978d7989e445b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/208669df703a25a601f45822b10c413f258bf275","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47b1c5d1b0944aa88299f55a846fabaefc756982","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9853d94b82d303fc4ac37d592a23a154096ecd41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a907bea273b60d3e604ec4e8e1f6c49954805794","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b38d2b4603fd3dda24eb8b3dd81c18a0930be97b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf4a4df38d1747e06fc54f9879bd7a6f4178032f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1ba83755d81c6fc66ac7acd723d238f974091e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43452","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:57.900","lastModified":"2026-05-21T16:54:50.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: guard option walkers against 1-byte tail reads\n\nWhen the last byte of options is a non-single-byte option kind, walkers\nthat advance with i += op[i + 1] ? : 1 can read op[i + 1] past the end\nof the option area.\n\nAdd an explicit i == optlen - 1 check before dereferencing op[i + 1]\nin xt_tcpudp and xt_dccp option walkers."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.16","versionEndExcluding":"5.10.253","matchCriteriaId":"A30D1FAD-2809-4789-8667-0C7920265E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5b18b8b35c7cded2d17b2b2604c9b0694ff48d1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b94f0e42ed248eb31929da84ed9f5310d7ff540","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae1e1267650638136b84c23f2b31250f0ccb6823","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc18551c6169eac5ed813778d3e3e484002dbbe5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2a445367a496a3c25dbc940c10c8bd1cfd4c14a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c39f84e4be1be63fc60ca7141ea7b76edcea5907","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cfe770220ac2dbd3e104c6b45094037455da81d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d04800323336eebf441d153f43234eac9b833d36","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43453","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.027","lastModified":"2026-05-21T16:52:05.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()\n\npipapo_drop() passes rulemap[i + 1].n to pipapo_unmap() as the\nto_offset argument on every iteration, including the last one where\ni == m->field_count - 1. This reads one element past the end of the\nstack-allocated rulemap array (declared as rulemap[NFT_PIPAPO_MAX_FIELDS]\nwith NFT_PIPAPO_MAX_FIELDS == 16).\n\nAlthough pipapo_unmap() returns early when is_last is true without\nusing the to_offset value, the argument is evaluated at the call site\nbefore the function body executes, making this a genuine out-of-bounds\nstack read confirmed by KASAN:\n\n  BUG: KASAN: stack-out-of-bounds in pipapo_drop+0x50c/0x57c [nf_tables]\n  Read of size 4 at addr ffff8000810e71a4\n\n  This frame has 1 object:\n   [32, 160) 'rulemap'\n\n  The buggy address is at offset 164 -- exactly 4 bytes past the end\n  of the rulemap array.\n\nPass 0 instead of rulemap[i + 1].n on the last iteration to avoid\nthe out-of-bounds read."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.253","matchCriteriaId":"A46EE847-2B8F-4145-AB46-8D057B48AFC9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a55d62cdb628923d8a21724374a70c76ac7d19d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1957e793196e7f8557374fd4eda53abcbb42e1c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/324b749aa5b2d516ccfab933df9d3f56e7807f5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57fb87ca095d5127cd7a27583b8ec43dcf7c9e9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/60c1d18781e37bfb96290b86510eb01c5fa24d75","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6d8cd2db236a9dd13dbc2d05843b3445cc964b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dfbdac719198778b581bc0dd055df2542edb8c62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e047f6fbb975f685d6c9fcef95b3b7787a79b46d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43457","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.517","lastModified":"2026-05-21T16:50:46.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: i2c: fix skb memory leak in receive path\n\nWhen 'midev->allow_rx' is false, the newly allocated skb isn't consumed\nby netif_rx(), it needs to free the skb directly."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.167","matchCriteriaId":"25D24035-467E-4E84-987E-DA8067ECEAC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0fb2adbdd5c03e8c9ebcdc48afd414b2724c85eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1b1be322342a6b0085bf6ee52235e5ac9834ec25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1ec54187e1aa40a4cfa2b265e9a311179f24b98d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9f81be2ab9d8e4744871bfb3e868ef413413829f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7900a43b0a314a645ca0a2adf45928dbc7001f4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3f5e0f22cfc2371e7471c9fd5b4da78f9df7c69","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43458","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.630","lastModified":"2026-05-21T16:47:42.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: caif: hold tty->link reference in ldisc_open and ser_release\n\nA reproducer triggers a KASAN slab-use-after-free in pty_write_room()\nwhen caif_serial's TX path calls tty_write_room(). The faulting access\nis on tty->link->port.\n\nHold an extra kref on tty->link for the lifetime of the caif_serial line\ndiscipline: get it in ldisc_open() and drop it in ser_release(), and\nalso drop it on the ldisc_open() error path.\n\nWith this change applied, the reproducer no longer triggers the UAF in\nmy testing."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"5.10.253","matchCriteriaId":"01B7CC59-B567-4F40-ABCE-0E98C6B3D80D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/23a3ac2e2262a291498567418227b99e1f3606b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/27e43356d0defb9fc7fa25265219a3ffeb7b3e98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/288598d80a068a0e9281de35bcb4ce495f189e2a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/35b58d3bc716ebb9ebd10fe1cac8c1177242511c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52135420e9f75853ea0c6cea7b736e3e98495f7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8460187b4852fd00bd1c76394358053f3fa4d089","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/97a0bb491cae39478c6225381f14e9ac67b7bba7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca2ceba983bb23ea0202c2882d963253416654a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43459","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:58.753","lastModified":"2026-05-21T16:45:58.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-core: flush delayed work before removing DAIs and widgets\n\nWhen a sound card is unbound while a PCM stream is open, a\nuse-after-free can occur in snd_soc_dapm_stream_event(), called from\nthe close_delayed_work workqueue handler.\n\nDuring unbind, snd_soc_unbind_card() flushes delayed work and then\ncalls soc_cleanup_card_resources(). Inside cleanup,\nsnd_card_disconnect_sync() releases all PCM file descriptors, and\nthe resulting PCM close path can call snd_soc_dapm_stream_stop()\nwhich schedules new delayed work with a pmdown_time timer delay.\nSince this happens after the flush in snd_soc_unbind_card(), the\nnew work is not caught. soc_remove_link_components() then frees\nDAPM widgets before this work fires, leading to the use-after-free.\n\nThe existing flush in soc_free_pcm_runtime() also cannot help as it\nruns after soc_remove_link_components() has already freed the widgets.\n\nAdd a flush in soc_cleanup_card_resources() after\nsnd_card_disconnect_sync() (after which no new PCM closes can\nschedule further delayed work) and before soc_remove_link_dais()\nand soc_remove_link_components() (which tear down the structures the\ndelayed work accesses)."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.253","matchCriteriaId":"95D48ED0-67BC-4B98-8122-F911E04187F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/231568afbc0cd25b8fb2a94ebf9738eabe1cf007","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/317a9298c54bb00319da73e5a7179f00e67fcbdf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3887e514978d28216246360b46a9cb534969eb5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d33e6140945482a07f8089ee86e13e02553ffdb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95bc5c225513fc3c4ce169563fb5e3929fbb938b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf80a89da97285d9b877e0c6995e870d46b8025c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c054f0607c8bb1b1aa529bc109e4149298a1cccd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eab71e11ce2447c1e01809cbc11eab4234cf8dc8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43466","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.543","lastModified":"2026-05-21T15:39:39.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery\n\nIn case of a TX error CQE, a recovery flow is triggered,\nmlx5e_reset_txqsq_cc_pc() resets dma_fifo_cc to 0 but not dma_fifo_pc,\ndesyncing the DMA FIFO producer and consumer.\n\nAfter recovery, the producer pushes new DMA entries at the old\ndma_fifo_pc, while the consumer reads from position 0.\nThis causes us to unmap stale DMA addresses from before the recovery.\n\nThe DMA FIFO is a purely software construct with no HW counterpart.\nAt the point of reset, all WQEs have been flushed so dma_fifo_cc is\nalready equal to dma_fifo_pc. There is no need to reset either counter,\nsimilar to how skb_fifo pc/cc are untouched.\n\nRemove the 'dma_fifo_cc = 0' reset.\n\nThis fixes the following WARNING:\n    WARNING: CPU: 0 PID: 0 at drivers/iommu/dma-iommu.c:1240 iommu_dma_unmap_page+0x79/0x90\n    Modules linked in: mlx5_vdpa vringh vdpa bonding mlx5_ib mlx5_vfio_pci ipip mlx5_fwctl tunnel4 mlx5_core ib_ipoib geneve ip6_gre ip_gre gre nf_tables ip6_tunnel rdma_ucm ib_uverbs ib_umad vfio_pci vfio_pci_core act_mirred act_skbedit act_vlan vhost_net vhost tap ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress vhost_iotlb iptable_raw tunnel6 vfio_iommu_type1 vfio openvswitch nsh rpcsec_gss_krb5 auth_rpcgss oid_registry xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter overlay zram zsmalloc rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core fuse [last unloaded: nf_tables]\n    CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5_for_upstream_min_debug_2024_12_30_21_33 #1\n    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n    RIP: 0010:iommu_dma_unmap_page+0x79/0x90\n    Code: 2b 4d 3b 21 72 26 4d 3b 61 08 73 20 49 89 d8 44 89 f9 5b 4c 89 f2 4c 89 e6 48 89 ef 5d 41 5c 41 5d 41 5e 41 5f e9 c7 ae 9e ff <0f> 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 2e 0f 1f 84 00 00 00 00\n    Call Trace:\n     <IRQ>\n     ? __warn+0x7d/0x110\n     ? iommu_dma_unmap_page+0x79/0x90\n     ? report_bug+0x16d/0x180\n     ? handle_bug+0x4f/0x90\n     ? exc_invalid_op+0x14/0x70\n     ? asm_exc_invalid_op+0x16/0x20\n     ? iommu_dma_unmap_page+0x79/0x90\n     ? iommu_dma_unmap_page+0x2e/0x90\n     dma_unmap_page_attrs+0x10d/0x1b0\n     mlx5e_tx_wi_dma_unmap+0xbe/0x120 [mlx5_core]\n     mlx5e_poll_tx_cq+0x16d/0x690 [mlx5_core]\n     mlx5e_napi_poll+0x8b/0xac0 [mlx5_core]\n     __napi_poll+0x24/0x190\n     net_rx_action+0x32a/0x3b0\n     ? mlx5_eq_comp_int+0x7e/0x270 [mlx5_core]\n     ? notifier_call_chain+0x35/0xa0\n     handle_softirqs+0xc9/0x270\n     irq_exit_rcu+0x71/0xd0\n     common_interrupt+0x7f/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x22/0x40"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.253","matchCriteriaId":"DEE6D861-833E-4A69-98AC-2743228E5BAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1633111d69053512d099658d4a05fc736fab36b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/383b37c04a4827ba60b2bafc1a6cdfd995aed58f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6eb68ecc5acc3b319986566c595990b8a7265b23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f41f7812bfa7f991b732a4b45c5c52fc4be3b4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/821f85d619f7f22cda7b9d7de89cf5eeb1d11544","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/829efcccfa8f69db5dc8332961295587d218cee6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c5ee9b981ee050b73fdf3f4a2464d6f1a8e10a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce1b19dd0684eeb68a124c11085bd611260b36d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43467","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.690","lastModified":"2026-05-21T15:31:25.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix crash when moving to switchdev mode\n\nWhen moving to switchdev mode when the device doesn't support IPsec,\nwe try to clean up the IPsec resources anyway which causes the crash\nbelow, fix that by correctly checking for IPsec support before trying\nto clean up its resources.\n\n[27642.515799] WARNING: arch/x86/mm/fault.c:1276 at\ndo_user_addr_fault+0x18a/0x680, CPU#4: devlink/6490\n[27642.517159] Modules linked in: xt_conntrack xt_MASQUERADE\nip6table_nat ip6table_filter ip6_tables iptable_nat nf_nat xt_addrtype\nrpcsec_gss_krb5 auth_rpcgss oid_registry overlay mlx5_fwctl nfnetlink\nzram zsmalloc mlx5_ib fuse rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi\nscsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_core\nib_core\n[27642.521358] CPU: 4 UID: 0 PID: 6490 Comm: devlink Not tainted\n6.19.0-rc5_for_upstream_min_debug_2026_01_14_16_47 #1 NONE\n[27642.522923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[27642.524528] RIP: 0010:do_user_addr_fault+0x18a/0x680\n[27642.525362] Code: ff 0f 84 75 03 00 00 48 89 ee 4c 89 e7 e8 5e b9 22\n00 49 89 c0 48 85 c0 0f 84 a8 02 00 00 f7 c3 60 80 00 00 74 22 31 c9 eb\n   ae <0f> 0b 48 83 c4 10 48 89 ea 48 89 de 4c 89 f7 5b 5d 41 5c 41 5d\n41\n[27642.528166] RSP: 0018:ffff88810770f6b8 EFLAGS: 00010046\n[27642.529038] RAX: 0000000000000000 RBX: 0000000000000002 RCX:\nffff88810b980f00\n[27642.530158] RDX: 00000000000000a0 RSI: 0000000000000002 RDI:\nffff88810770f728\n[27642.531270] RBP: 00000000000000a0 R08: 0000000000000000 R09:\n0000000000000000\n[27642.532383] R10: 0000000000000000 R11: 0000000000000000 R12:\nffff888103f3c4c0\n[27642.533499] R13: 0000000000000000 R14: ffff88810770f728 R15:\n0000000000000000\n[27642.534614] FS:  00007f197c741740(0000) GS:ffff88856a94c000(0000)\nknlGS:0000000000000000\n[27642.535915] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[27642.536858] CR2: 00000000000000a0 CR3: 000000011334c003 CR4:\n0000000000172eb0\n[27642.537982] Call Trace:\n[27642.538466]  <TASK>\n[27642.538907]  exc_page_fault+0x76/0x140\n[27642.539583]  asm_exc_page_fault+0x22/0x30\n[27642.540282] RIP: 0010:_raw_spin_lock_irqsave+0x10/0x30\n[27642.541134] Code: 07 85 c0 75 11 ba ff 00 00 00 f0 0f b1 17 75 06 b8\n01 00 00 00 c3 31 c0 c3 90 0f 1f 44 00 00 53 9c 5b fa 31 c0 ba 01 00 00\n   00 <f0> 0f b1 17 75 05 48 89 d8 5b c3 89 c6 e8 7e 02 00 00 48 89 d8\n      5b\n[27642.543936] RSP: 0018:ffff88810770f7d8 EFLAGS: 00010046\n[27642.544803] RAX: 0000000000000000 RBX: 0000000000000202 RCX:\nffff888113ad96d8\n[27642.545916] RDX: 0000000000000001 RSI: ffff88810770f818 RDI:\n00000000000000a0\n[27642.547027] RBP: 0000000000000098 R08: 0000000000000400 R09:\nffff88810b980f00\n[27642.548140] R10: 0000000000000001 R11: ffff888101845a80 R12:\n00000000000000a8\n[27642.549263] R13: ffffffffa02a9060 R14: 00000000000000a0 R15:\nffff8881130d8a40\n[27642.550379]  complete_all+0x20/0x90\n[27642.551010]  mlx5e_ipsec_disable_events+0xb6/0xf0 [mlx5_core]\n[27642.552022]  mlx5e_nic_disable+0x12d/0x220 [mlx5_core]\n[27642.552929]  mlx5e_detach_netdev+0x66/0xf0 [mlx5_core]\n[27642.553822]  mlx5e_netdev_change_profile+0x5b/0x120 [mlx5_core]\n[27642.554821]  mlx5e_vport_rep_load+0x419/0x590 [mlx5_core]\n[27642.555757]  ? xa_load+0x53/0x90\n[27642.556361]  __esw_offloads_load_rep+0x54/0x70 [mlx5_core]\n[27642.557328]  mlx5_esw_offloads_rep_load+0x45/0xd0 [mlx5_core]\n[27642.558320]  esw_offloads_enable+0xb4b/0xc90 [mlx5_core]\n[27642.559247]  mlx5_eswitch_enable_locked+0x34e/0x4f0 [mlx5_core]\n[27642.560257]  ? mlx5_rescan_drivers_locked+0x222/0x2d0 [mlx5_core]\n[27642.561284]  mlx5_devlink_eswitch_mode_set+0x5ac/0x9c0 [mlx5_core]\n[27642.562334]  ? devlink_rate_set_ops_supported+0x21/0x3a0\n[27642.563220]  devlink_nl_eswitch_set_doit+0x67/0xe0\n[27642.564026]  genl_family_rcv_msg_doit+0xe0/0x130\n[27642.564816]  genl_rcv_msg+0x183/0x290\n[27642.565466]  ? __devlink_nl_pre_doit.isra.0+0x160/0x160\n[27642.566329]  ? d\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.56","versionEndExcluding":"6.12.78","matchCriteriaId":"5134072B-2DAF-4DF0-A3FB-176C79025940"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.6","versionEndExcluding":"6.18","matchCriteriaId":"8B7EFF9F-4A45-4CD5-85D2-F68BD7D7F5B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.1","versionEndExcluding":"6.18.19","matchCriteriaId":"6F718F75-20D5-4D17-B698-1D1BD5FDE294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*","matchCriteriaId":"DCE57113-2223-4308-A0F2-5E6ECFBB3C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc3:*:*:*:*:*:*","matchCriteriaId":"26CA425A-E44F-49D2-92D9-1DDD56398440"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc4:*:*:*:*:*:*","matchCriteriaId":"BEEBB43A-4C9F-46BE-AA6D-9DBFD2244E55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc5:*:*:*:*:*:*","matchCriteriaId":"2545FB83-C4A6-4F62-9ED1-09F75D2E3C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc6:*:*:*:*:*:*","matchCriteriaId":"E955EC5D-4684-4B5D-AE4D-F2BF9ADDBA1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*","matchCriteriaId":"38C4D89F-9A13-4D29-8645-C9785C142C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05c9a6df3646cdd25e0e10e6ef2d20cdba3ed8f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24b2795f9683e092dc22a68f487e7aaaf2ddafea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/835778685f157b4fd4683b670cfe4010265bac60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc72f739f398d9d2e4f3d06f3f75fe98876d5579","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43468","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.830","lastModified":"2026-05-21T15:00:34.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix deadlock between devlink lock and esw->wq\n\nesw->work_queue executes esw_functions_changed_event_handler ->\nesw_vfs_changed_event_handler and acquires the devlink lock.\n\n.eswitch_mode_set (acquires devlink lock in devlink_nl_pre_doit) ->\nmlx5_devlink_eswitch_mode_set -> mlx5_eswitch_disable_locked ->\nmlx5_eswitch_event_handler_unregister -> flush_workqueue deadlocks\nwhen esw_vfs_changed_event_handler executes.\n\nFix that by no longer flushing the work to avoid the deadlock, and using\na generation counter to keep track of work relevance. This avoids an old\nhandler manipulating an esw that has undergone one or more mode changes:\n- the counter is incremented in mlx5_eswitch_event_handler_unregister.\n- the counter is read and passed to the ephemeral mlx5_host_work struct.\n- the work handler takes the devlink lock and bails out if the current\n  generation is different than the one it was scheduled to operate on.\n- mlx5_eswitch_cleanup does the final draining before destroying the wq.\n\nNo longer flushing the workqueue has the side effect of maybe no longer\ncancelling pending vport_change_handler work items, but that's ok since\nthose are disabled elsewhere:\n- mlx5_eswitch_disable_locked disables the vport eq notifier.\n- mlx5_esw_vport_disable disarms the HW EQ notification and marks\n  vport->enabled under state_lock to false to prevent pending vport\n  handler from doing anything.\n- mlx5_eswitch_cleanup destroys the workqueue and makes sure all events\n  are disabled/finished."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.167","matchCriteriaId":"E1965CA7-37DE-412B-919C-4794C1259363"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0de867f6e34eae6907b367fd152c55e61cb98608","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c7313cb41b1b427078440364d2f042c276a1c0b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a7838bebc38374f74baaf88bf2cf8d439a92923","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90e7e5d14d0bd25ffd019a3aa39d9f1c05fedbe1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/957d2a58f7f8ebcbdd0a85935e0d2675134b890d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aed763abf0e905b4b8d747d1ba9e172961572f57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43469","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:59.957","lastModified":"2026-05-21T14:58:32.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Decrement re_receiving on the early exit paths\n\nIn the event that rpcrdma_post_recvs() fails to create a work request\n(due to memory allocation failure, say) or otherwise exits early, we\nshould decrement ep->re_receiving before returning. Otherwise we will\nhang in rpcrdma_xprt_drain() as re_receiving will never reach zero and\nthe completion will never be triggered.\n\nOn a system with high memory pressure, this can appear as the following\nhung task:\n\n    INFO: task kworker/u385:17:8393 blocked for more than 122 seconds.\n          Tainted: G S          E       6.19.0 #3\n    \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n    task:kworker/u385:17 state:D stack:0     pid:8393  tgid:8393  ppid:2      task_flags:0x4248060 flags:0x00080000\n    Workqueue: xprtiod xprt_autoclose [sunrpc]\n    Call Trace:\n     <TASK>\n     __schedule+0x48b/0x18b0\n     ? ib_post_send_mad+0x247/0xae0 [ib_core]\n     schedule+0x27/0xf0\n     schedule_timeout+0x104/0x110\n     __wait_for_common+0x98/0x180\n     ? __pfx_schedule_timeout+0x10/0x10\n     wait_for_completion+0x24/0x40\n     rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma]\n     xprt_rdma_close+0x12/0x40 [rpcrdma]\n     xprt_autoclose+0x5f/0x120 [sunrpc]\n     process_one_work+0x191/0x3e0\n     worker_thread+0x2e3/0x420\n     ? __pfx_worker_thread+0x10/0x10\n     kthread+0x10d/0x230\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork+0x273/0x2b0\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork_asm+0x1a/0x30"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.15.203","matchCriteriaId":"985804EB-66D2-4D4A-AF5D-D7A87E940EEE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/49f53ee4e25297d886f14e31f355ad1c2735ddfb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/74c39a47856bddcde7874f2196a00143b5cd0af9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7b6275c80a0c81c5f8943272292dfe67730ce849","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ea69259a60a364f56cf4aa9e2eafb588d1c762b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8127b5fec04757c2a41ed65bca0b3266968efd3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8cb6b5d8296b1f99a8d36849901ebabfe3f749db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43472","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:17:00.313","lastModified":"2026-05-21T14:59:05.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nunshare: fix unshare_fs() handling\n\nThere's an unpleasant corner case in unshare(2), when we have a\nCLONE_NEWNS in flags and current->fs hadn't been shared at all; in that\ncase copy_mnt_ns() gets passed current->fs instead of a private copy,\nwhich causes interesting warts in proof of correctness]\n\n> I guess if private means fs->users == 1, the condition could still be true.\n\nUnfortunately, it's worse than just a convoluted proof of correctness.\nConsider the case when we have CLONE_NEWCGROUP in addition to CLONE_NEWNS\n(and current->fs->users == 1).\n\nWe pass current->fs to copy_mnt_ns(), all right.  Suppose it succeeds and\nflips current->fs->{pwd,root} to corresponding locations in the new namespace.\nNow we proceed to copy_cgroup_ns(), which fails (e.g. with -ENOMEM).\nWe call put_mnt_ns() on the namespace created by copy_mnt_ns(), it's\ndestroyed and its mount tree is dissolved, but...  current->fs->root and\ncurrent->fs->pwd are both left pointing to now detached mounts.\n\nThey are pinning those, so it's not a UAF, but it leaves the calling\nprocess with unshare(2) failing with -ENOMEM _and_ leaving it with\npwd and root on detached isolated mounts.  The last part is clearly a bug.\n\nThere is other fun related to that mess (races with pivot_root(), including\nthe one between pivot_root() and fork(), of all things), but this one\nis easy to isolate and fix - treat CLONE_NEWNS as \"allocate a new\nfs_struct even if it hadn't been shared in the first place\".  Sure, we could\ngo for something like \"if both CLONE_NEWNS *and* one of the things that might\nend up failing after copy_mnt_ns() call in create_new_namespaces() are set,\nforce allocation of new fs_struct\", but let's keep it simple - the cost\nof copy_fs_struct() is trivial.\n\nAnother benefit is that copy_mnt_ns() with CLONE_NEWNS *always* gets\na freshly allocated fs_struct, yet to be attached to anything.  That\nseriously simplifies the analysis...\n\nFWIW, that bug had been there since the introduction of unshare(2) ;-/"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.16.1","versionEndExcluding":"5.10.253","matchCriteriaId":"C527DFD3-87E2-45E8-8722-B18DC25946EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*","matchCriteriaId":"EBF2513D-8F4F-4ED5-ADCE-9933F34F1BFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*","matchCriteriaId":"54393D69-B368-4296-9798-D81570495C6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*","matchCriteriaId":"6791A801-9E06-47DD-912F-D8594E2F6B3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*","matchCriteriaId":"AE90CCED-3A5B-46E3-A6B0-4865AB786289"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*","matchCriteriaId":"CBFF6DE7-6D7C-469A-9B2D-2F6E915F55B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc7:*:*:*:*:*:*","matchCriteriaId":"D0CD4E4B-E756-4401-A352-871EBA5B8680"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/42e21e74061b0ebbd859839f81acf10efad02a27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c4b2243cb6c0755159bd567130d5e12e7b10d9f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/845bf3c6963a52096d0d3866e4a92db77a0c03d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa9ebc084505fb26dd90f4d7a249045aad152043","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af8f4be3b68ac8caa41c8e5ead0eeaf5e85e42d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d0d99f60538ddb4a62ccaac2168d8f448965f083","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3ffc8f13034af895531a02c30b1fe3a34b46432","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7963d6997fea86a6def242ac36198b86655f912","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43473","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:17:00.453","lastModified":"2026-05-21T14:59:03.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Add NULL checks when resetting request and reply queues\n\nThe driver encountered a crash during resource cleanup when the reply and\nrequest queues were NULL due to freed memory.  This issue occurred when the\ncreation of reply or request queues failed, and the driver freed the memory\nfirst, but attempted to mem set the content of the freed memory, leading to\na system crash.\n\nAdd NULL pointer checks for reply and request queues before accessing the\nreply/request memory during cleanup"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.167","matchCriteriaId":"E7A9A910-FB79-4BDA-9F21-34A651CE6253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/220d7ca70611a73d50ef8e9edac630ed1ececb7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78d3f201f8b609928eade53cf03a52df5415aaf7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7da755e0d02e9ca035065127e108d1fed8950dc8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7df0296ad4e9253d12c6dbe7f120044dddc95600","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e978a36f332ede78eb4de037b517db16265d420d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa96392ebebc8fade2b878acb14cce0f71016503","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43474","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:17:00.577","lastModified":"2026-05-21T14:59:00.757","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: init flags_valid before calling vfs_fileattr_get\n\nsyzbot reported a uninit-value bug in [1].\n\nSimilar to the \"*get\" context where the kernel's internal file_kattr\nstructure is initialized before calling vfs_fileattr_get(), we should\nuse the same mechanism when using fa.\n\n[1]\nBUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517\n fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517\n vfs_fileattr_get fs/file_attr.c:94 [inline]\n __do_sys_file_getattr fs/file_attr.c:416 [inline]\n\nLocal variable fa.i created at:\n __do_sys_file_getattr fs/file_attr.c:380 [inline]\n __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.19","matchCriteriaId":"25416534-40E3-4D42-9162-AB375255352E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/379e19e820dd1c6145426b97467728b3b89c0b42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b8c182b2c8c44c6016b11d8af61715ad7ef958a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb184dd19154fc486fa3d9e02afe70a97e54e055","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43475","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:17:00.687","lastModified":"2026-05-21T14:58:56.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix scheduling while atomic on PREEMPT_RT\n\nThis resolves the follow splat and lock-up when running with PREEMPT_RT\nenabled on Hyper-V:\n\n[  415.140818] BUG: scheduling while atomic: stress-ng-iomix/1048/0x00000002\n[  415.140822] INFO: lockdep is turned off.\n[  415.140823] Modules linked in: intel_rapl_msr intel_rapl_common intel_uncore_frequency_common intel_pmc_core pmt_telemetry pmt_discovery pmt_class intel_pmc_ssram_telemetry intel_vsec ghash_clmulni_intel aesni_intel rapl binfmt_misc nls_ascii nls_cp437 vfat fat snd_pcm hyperv_drm snd_timer drm_client_lib drm_shmem_helper snd sg soundcore drm_kms_helper pcspkr hv_balloon hv_utils evdev joydev drm configfs efi_pstore nfnetlink vsock_loopback vmw_vsock_virtio_transport_common hv_sock vmw_vsock_vmci_transport vsock vmw_vmci efivarfs autofs4 ext4 crc16 mbcache jbd2 sr_mod sd_mod cdrom hv_storvsc serio_raw hid_generic scsi_transport_fc hid_hyperv scsi_mod hid hv_netvsc hyperv_keyboard scsi_common\n[  415.140846] Preemption disabled at:\n[  415.140847] [<ffffffffc0656171>] storvsc_queuecommand+0x2e1/0xbe0 [hv_storvsc]\n[  415.140854] CPU: 8 UID: 0 PID: 1048 Comm: stress-ng-iomix Not tainted 6.19.0-rc7 #30 PREEMPT_{RT,(full)}\n[  415.140856] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/04/2024\n[  415.140857] Call Trace:\n[  415.140861]  <TASK>\n[  415.140861]  ? storvsc_queuecommand+0x2e1/0xbe0 [hv_storvsc]\n[  415.140863]  dump_stack_lvl+0x91/0xb0\n[  415.140870]  __schedule_bug+0x9c/0xc0\n[  415.140875]  __schedule+0xdf6/0x1300\n[  415.140877]  ? rtlock_slowlock_locked+0x56c/0x1980\n[  415.140879]  ? rcu_is_watching+0x12/0x60\n[  415.140883]  schedule_rtlock+0x21/0x40\n[  415.140885]  rtlock_slowlock_locked+0x502/0x1980\n[  415.140891]  rt_spin_lock+0x89/0x1e0\n[  415.140893]  hv_ringbuffer_write+0x87/0x2a0\n[  415.140899]  vmbus_sendpacket_mpb_desc+0xb6/0xe0\n[  415.140900]  ? rcu_is_watching+0x12/0x60\n[  415.140902]  storvsc_queuecommand+0x669/0xbe0 [hv_storvsc]\n[  415.140904]  ? HARDIRQ_verbose+0x10/0x10\n[  415.140908]  ? __rq_qos_issue+0x28/0x40\n[  415.140911]  scsi_queue_rq+0x760/0xd80 [scsi_mod]\n[  415.140926]  __blk_mq_issue_directly+0x4a/0xc0\n[  415.140928]  blk_mq_issue_direct+0x87/0x2b0\n[  415.140931]  blk_mq_dispatch_queue_requests+0x120/0x440\n[  415.140933]  blk_mq_flush_plug_list+0x7a/0x1a0\n[  415.140935]  __blk_flush_plug+0xf4/0x150\n[  415.140940]  __submit_bio+0x2b2/0x5c0\n[  415.140944]  ? submit_bio_noacct_nocheck+0x272/0x360\n[  415.140946]  submit_bio_noacct_nocheck+0x272/0x360\n[  415.140951]  ext4_read_bh_lock+0x3e/0x60 [ext4]\n[  415.140995]  ext4_block_write_begin+0x396/0x650 [ext4]\n[  415.141018]  ? __pfx_ext4_da_get_block_prep+0x10/0x10 [ext4]\n[  415.141038]  ext4_da_write_begin+0x1c4/0x350 [ext4]\n[  415.141060]  generic_perform_write+0x14e/0x2c0\n[  415.141065]  ext4_buffered_write_iter+0x6b/0x120 [ext4]\n[  415.141083]  vfs_write+0x2ca/0x570\n[  415.141087]  ksys_write+0x76/0xf0\n[  415.141089]  do_syscall_64+0x99/0x1490\n[  415.141093]  ? rcu_is_watching+0x12/0x60\n[  415.141095]  ? finish_task_switch.isra.0+0xdf/0x3d0\n[  415.141097]  ? rcu_is_watching+0x12/0x60\n[  415.141098]  ? lock_release+0x1f0/0x2a0\n[  415.141100]  ? rcu_is_watching+0x12/0x60\n[  415.141101]  ? finish_task_switch.isra.0+0xe4/0x3d0\n[  415.141103]  ? rcu_is_watching+0x12/0x60\n[  415.141104]  ? __schedule+0xb34/0x1300\n[  415.141106]  ? hrtimer_try_to_cancel+0x1d/0x170\n[  415.141109]  ? do_nanosleep+0x8b/0x160\n[  415.141111]  ? hrtimer_nanosleep+0x89/0x100\n[  415.141114]  ? __pfx_hrtimer_wakeup+0x10/0x10\n[  415.141116]  ? xfd_validate_state+0x26/0x90\n[  415.141118]  ? rcu_is_watching+0x12/0x60\n[  415.141120]  ? do_syscall_64+0x1e0/0x1490\n[  415.141121]  ? do_syscall_64+0x1e0/0x1490\n[  415.141123]  ? rcu_is_watching+0x12/0x60\n[  415.141124]  ? do_syscall_64+0x1e0/0x1490\n[  415.141125]  ? do_syscall_64+0x1e0/0x1490\n[  415.141127]  ? irqentry_exit+0x140/0\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.253","matchCriteriaId":"0F72276A-F3E2-4130-8677-3AA5521A3C83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/57297736c08233987e5d29ce6584c6ca2a831b12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91ab59f76d0866079420ebff1c7959fcd87a242e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b82462af23e45e066dd56d2736ea70159a6ad647","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2e73d8acd056347a70047e6be7cd98e0e811dfa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7984d196476adcbd51c0ce386d7e90277198d57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf00cb15f2515e38d3b7571bf6800b7c6ce70a84","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7919a293f9b6101e38bde0d8613daea6c9955df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8db760f4f52a73a022a3d6c84c488ead952a9b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-42794","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-08T16:16:12.750","lastModified":"2026-05-21T18:51:38.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface.\n\n'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the query GET parameter before embedding it in an inline JavaScript string, but does not escape backslashes. An attacker can bypass the escaping by prefixing a quote with a backslash (e.g. \\'), breaking out of the string context and executing arbitrary JavaScript in the victim's browser.\n\nThis issue affects absinthe_plug: from 1.2.0 before 1.5.10."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absinthe-graphql:absinthe.plug:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"1.5.10","matchCriteriaId":"3EF9F187-A4F5-4D86-A3BF-7774F698CFED"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-42794.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/absinthe-graphql/absinthe_plug/commit/23a0d5658d32420086711adf4ce8f05febb09963","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/absinthe-graphql/absinthe_plug/issues/275","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Issue Tracking"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-42794","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/absinthe-graphql/absinthe_plug/issues/275","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-41889","sourceIdentifier":"security-advisories@github.com","published":"2026-05-08T17:16:31.040","lastModified":"2026-05-21T19:58:12.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a string literal, and the value of that placeholder is controllable by the attacker. This issue has been patched in version 5.9.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jackc:pgx:*:*:*:*:*:go:*:*","versionEndExcluding":"5.9.2","matchCriteriaId":"3183A68D-CD63-4678-9310-13BEB97F3112"}]}]}],"references":[{"url":"https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jackc/pgx/releases/tag/v5.9.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/jackc/pgx/security/advisories/GHSA-j88v-2chj-qfwx","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8257","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T02:16:27.090","lastModified":"2026-05-21T17:59:57.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*","versionEndIncluding":"117","matchCriteriaId":"1393C215-C0AA-4989-85C4-7ED61B35A855"}]}]}],"references":[{"url":"https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19","source":"cna@vuldb.com","tags":["Exploit"]},{"url":"https://github.com/WebAssembly/binaryen/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://github.com/WebAssembly/binaryen/issues/8633","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/WebAssembly/binaryen/pull/8635","source":"cna@vuldb.com","tags":["Mitigation","Patch"]},{"url":"https://vuldb.com/submit/809552","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362554","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362554/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-42865","sourceIdentifier":"security-advisories@github.com","published":"2026-05-11T18:16:36.683","lastModified":"2026-05-21T18:03:57.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This vulnerability is fixed in 2.29.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getinboxzero:inbox_zero:*:*:*:*:*:*:*:*","versionEndExcluding":"2.29.3","matchCriteriaId":"96735CCB-CCC9-487F-A5F4-EC379B6CC9D5"}]}]}],"references":[{"url":"https://github.com/elie222/inbox-zero/commit/02341923b5460ce9630c4681a9b6461ba466688a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/elie222/inbox-zero/security/advisories/GHSA-f3gp-v7cj-2569","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-32687","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-12T15:16:12.810","lastModified":"2026-05-21T18:54:59.587","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection.\n\nThe channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and 'Elixir.Postgrex.Notifications':unlisten/3 is interpolated directly into LISTEN \"...\" / UNLISTEN \"...\" SQL statements without escaping the \" character. An attacker who can influence the channel name can inject a \" to break out of the quoted identifier and append arbitrary SQL. Because the notifications connection uses the PostgreSQL simple query protocol, multi-statement payloads are accepted, allowing DDL and DML commands to be chained (e.g. ; DROP TABLE ...; --). The same unsanitized interpolation also occurs in handle_connect/1 when replaying LISTEN commands after a reconnect.\n\nThis vulnerability is associated with program file lib/postgrex/notifications.ex and program routines 'Elixir.Postgrex.Notifications':listen/3, 'Elixir.Postgrex.Notifications':unlisten/3, 'Elixir.Postgrex.Notifications':handle_connect/1.\n\nThis issue affects postgrex: from 0.16.0 before 0.22.2, from pkg:github/elixir-ecto/postgrex@266b530faf9bde094e31e0e4ab851f933fadc0f5 before 0.22.2."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elixir-ecto:postgrex:*:*:*:*:*:*:*:*","versionStartIncluding":"0.16.0","versionEndExcluding":"0.22.0","matchCriteriaId":"40050434-50AF-4ADC-AEE9-9374ECB91F30"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-32687.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/elixir-ecto/ecto/security/advisories/GHSA-r73h-97w8-m54h","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/elixir-ecto/postgrex/commit/7cdedbd4316bb65f82e6a9a4f922c0ac491cb770","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-32687","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-40379","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:16.663","lastModified":"2026-05-21T18:48:48.500","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:entra_id:-:*:*:*:*:*:*:*","matchCriteriaId":"D09E509F-AFF3-4991-877A-D197388E7AD4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40379","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44301","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T22:16:36.843","lastModified":"2026-05-21T20:21:56.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write files outside the project's working directory. Users who do not use PostCSS, Babel, or TailwindCSS, or who only build trusted sites, are not affected. This vulnerability is fixed in 0.161.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gohugo:hugo:*:*:*:*:*:*:*:*","versionStartIncluding":"0.43","versionEndExcluding":"0.161.0","matchCriteriaId":"87D8FE05-004B-415E-B5C5-51ABC92D6D2A"}]}]}],"references":[{"url":"https://github.com/gohugoio/hugo/security/advisories/GHSA-x597-9fr4-5857","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39803","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-13T14:17:32.633","lastModified":"2026-05-21T15:23:12.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\n\nThe chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when reading HTTP/1 chunked request bodies. Instead of capping the accumulated body at the configured limit (e.g. Plug.Parsers' default 8 MB), do_read_chunked_data!/5 buffers every received chunk into an iolist unconditionally and materializes the entire body as a single binary. The function always returns {:ok, body, ...}, so callers cannot interpose a 413 response.\n\nBecause Plug.Parsers runs before routing and authentication in the standard Phoenix endpoint, an unauthenticated attacker needs no valid route or credentials. Sending a single Transfer-Encoding: chunked POST request with an arbitrarily large body to any path causes the BEAM process to exhaust available memory and be terminated by the OS OOM killer.\n\nThe content-length path in the same function correctly enforces the limit and is not affected.\n\nThis issue affects bandit: from 1.4.0 before 1.11.1."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.11.1","matchCriteriaId":"74E94987-90D9-47B7-9473-24ABB26B8EB7"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-39803.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/mtrudel/bandit/commit/ae3520dfdbfab115c638f8c7f6f6b805db34e1ab","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/mtrudel/bandit/security/advisories/GHSA-9q9q-324x-93r2","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Exploit","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-39803","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/mtrudel/bandit/security/advisories/GHSA-9q9q-324x-93r2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39806","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-13T14:17:35.700","lastModified":"2026-05-21T15:23:08.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion.\n\n'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\\r\\n is followed immediately by the empty trailer line \\r\\n. RFC 9112 §7.1.2 permits zero or more trailer fields between them. When trailers are present, none of the match clauses fit: the catch-all arm computes a negative to_read, calls read_available!/2, receives <<>> on timeout, and tail-recurses with unchanged state. The worker process is pinned for the lifetime of the TCP connection.\n\nA handful of concurrent connections sending RFC-conformant chunked requests with trailer fields is sufficient to exhaust the Bandit worker pool and render the server unresponsive to all further traffic. No authentication, special headers, or large payload is required. Proxies such as NGINX and HAProxy legitimately forward trailer-bearing requests, so servers behind such proxies may be affected without any malicious client involvement.\n\nThis issue affects bandit: from 1.6.1 before 1.11.1."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mtrudel:bandit:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.1","versionEndExcluding":"1.11.1","matchCriteriaId":"4C7F13C2-7993-4309-BCAE-8548A08F9D5E"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-39806.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/mtrudel/bandit/commit/ae3520dfdbfab115c638f8c7f6f6b805db34e1ab","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/mtrudel/bandit/security/advisories/GHSA-rf5q-vwxw-gmrf","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Exploit","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-39806","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://github.com/mtrudel/bandit/security/advisories/GHSA-rf5q-vwxw-gmrf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42945","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:50.190","lastModified":"2026-05-21T19:16:53.100","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161019","source":"f5sirt@f5.com"},{"url":"https://depthfirst.com/nginx-rift","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/DepthFirstDisclosures/Nginx-Rift","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-44484","sourceIdentifier":"security-advisories@github.com","published":"2026-05-14T15:16:48.933","lastModified":"2026-05-21T20:22:17.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-506"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lightningai:pytorch_lightning:2.6.2:*:*:*:*:python:*:*","matchCriteriaId":"033E2BB1-1BC0-4525-BF4F-36BD96BC6DDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:lightningai:pytorch_lightning:2.6.3:*:*:*:*:python:*:*","matchCriteriaId":"73EFF010-C81E-4B13-9B49-F682502AD1A1"}]}]}],"references":[{"url":"https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42159","sourceIdentifier":"security-advisories@github.com","published":"2026-05-14T16:16:20.993","lastModified":"2026-05-21T20:22:50.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and relationships. The sketches contain information on an OSINT target (usernames, websites, etc) within these nodes and relationships. A remote attacker can create a node with a malicious description that contains arbitrary HTML. When the node is selected, it will render the arbitrary HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowsint:flowsint:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.3","matchCriteriaId":"F591F762-C713-4537-B0F5-8438229D2650"}]}]}],"references":[{"url":"https://github.com/reconurge/flowsint/security/advisories/GHSA-w233-5mmx-cr7x","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/reconurge/flowsint/security/advisories/GHSA-w233-5mmx-cr7x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42281","sourceIdentifier":"security-advisories@github.com","published":"2026-05-14T16:16:21.200","lastModified":"2026-05-21T20:12:03.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets. This vulnerability is fixed in 2.36.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magicmirror:magicmirror:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.36.0","matchCriteriaId":"1719EFE4-4CCB-4E6E-8CA7-7131F1F98345"}]}]}],"references":[{"url":"https://github.com/MagicMirrorOrg/MagicMirror/security/advisories/GHSA-ph6f-2cvq-79hq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/MagicMirrorOrg/MagicMirror/security/advisories/GHSA-ph6f-2cvq-79hq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42283","sourceIdentifier":"security-advisories@github.com","published":"2026-05-14T16:16:21.347","lastModified":"2026-05-21T20:01:02.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use their browser to establish a cross-origin WebSocket connection to ws://127.0.0.1:8090. This vulnerability is fixed in 6.3.21."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devspace:devspace:6.3.20:*:*:*:*:*:*:*","matchCriteriaId":"A49BD27F-301B-4B64-BF14-E5431F196B11"}]}]}],"references":[{"url":"https://github.com/devspace-sh/devspace/security/advisories/GHSA-hqwm-7x7x-8379","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8563","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:18.440","lastModified":"2026-05-21T17:08:10.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/40061220","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8564","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:18.550","lastModified":"2026-05-21T17:09:27.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/418273622","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8565","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:18.663","lastModified":"2026-05-21T17:09:16.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/442860473","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8569","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.127","lastModified":"2026-05-21T17:09:04.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/490229299","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8576","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.967","lastModified":"2026-05-21T17:08:51.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496231853","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8578","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:20.160","lastModified":"2026-05-21T17:08:29.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496395450","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8587","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:21.083","lastModified":"2026-05-21T17:08:18.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.168","matchCriteriaId":"86EDE1E0-DF74-4867-802F-A9C2112DD560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/507356235","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2025-65954","sourceIdentifier":"security-advisories@github.com","published":"2026-05-18T20:16:36.980","lastModified":"2026-05-21T21:01:22.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a \"you've been logged out\" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp-casserver:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3.1","matchCriteriaId":"A4AEB2D9-BAB0-4631-B59A-7A7EA5AD73CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp-casserver:7.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"14CB3A7C-1DC2-4691-AB44-59A62256E218"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp_casserver:7.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F110C86E-6377-4FC9-9723-D32402EAF8B5"}]}]}],"references":[{"url":"https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7860","sourceIdentifier":"security@vaadin.com","published":"2026-05-19T12:16:19.960","lastModified":"2026-05-21T19:16:55.610","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials supplied as secrets, any failed frontend build can expose those secrets in clear text in CI logs and archived build artifacts.\n\n\nUsers of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:\n\nProduct version\nVaadin 23.0.0 - 23.6.9\nVaadin 24.0.0 - 24.9.16\nVaadin 24.10.0 - 24.10.3\nVaadin 25.0.0 - 25.0.10\nVaadin 25.1.0 - 25.1.4\n\nMitigation\nUpgrade to 23.6.10\nUpgrade to 24.9.17 or newer\nUpgrade to 24.10.4 or newer\nUpgrade to 25.0.11 or newer\nUpgrade to 25.1.5 or newer\n\nPlease note that Vaadin versions 10-13 and 15-22 are no longer supported and you should update either to the latest 23, 24, or 25 version.\n\nArtifactsMaven coordinatesVulnerable versionsFixed versioncom.vaadin:flow-plugin-base23.0.0 - 23.6.10≥23.6.11com.vaadin:flow-plugin-base24.0.0 - 24.9.17≥24.9.18com.vaadin:flow-plugin-base24.10.0 - 24.10.3≥24.10.4com.vaadin:flow-plugin-base25.0.0 - 25.0.11≥25.0.12com.vaadin:flow-plugin-base25.1.0 - 25.1.4≥25.1.5com.vaadin:flow-maven-plugin23.0.0 - 23.6.10≥23.6.11com.vaadin:flow-maven-plugin24.0.0 - 24.9.17≥24.9.18com.vaadin:flow-maven-plugin24.10.0 - 24.10.3≥24.10.4com.vaadin:flow-maven-plugin25.0.0 - 25.0.11≥25.0.12com.vaadin:flow-maven-plugin25.1.0 - 25.1.4≥25.1.5com.vaadin:flow-gradle-plugin24.0.0 - 24.9.17≥24.9.18com.vaadin:flow-gradle-plugin24.10.0 - 24.10.3≥24.10.4com.vaadin:flow-gradle-plugin25.0.0 - 25.0.11≥25.0.12com.vaadin:flow-gradle-plugin25.1.0 - 25.1.4≥25.1.5"}],"metrics":{"cvssMetricV40":[{"source":"security@vaadin.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:L/U:Green","baseScore":1.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"security@vaadin.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://github.com/vaadin/flow/pull/24219","source":"security@vaadin.com"},{"url":"https://vaadin.com/security/cve-2026-7860","source":"security@vaadin.com"}]}},{"cve":{"id":"CVE-2026-8945","sourceIdentifier":"security@mozilla.org","published":"2026-05-19T14:16:50.687","lastModified":"2026-05-21T20:56:23.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"151.0.0","matchCriteriaId":"7C197B6D-C48E-4D7E-A1C0-52E081E97DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*","versionEndExcluding":"151.0","matchCriteriaId":"3965AA1E-FC2D-47D5-9D3D-3B1E3ECD4399"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2003171","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-46/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8711","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-19T15:16:33.017","lastModified":"2026-05-21T19:16:55.770","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161307","source":"f5sirt@f5.com"}]}},{"cve":{"id":"CVE-2026-8602","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:31.710","lastModified":"2026-05-21T17:19:21.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:scadabr:scadabr:1.2:*:*:*:*:*:*:*","matchCriteriaId":"5D144655-8463-45BF-ACD3-FB5F7D49D2B2"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2026-8603","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:31.877","lastModified":"2026-05-21T17:17:31.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:scadabr:scadabr:1.2:*:*:*:*:*:*:*","matchCriteriaId":"5D144655-8463-45BF-ACD3-FB5F7D49D2B2"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2026-8604","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:32.037","lastModified":"2026-05-21T17:16:54.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:scadabr:scadabr:1.2:*:*:*:*:*:*:*","matchCriteriaId":"5D144655-8463-45BF-ACD3-FB5F7D49D2B2"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2026-8605","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-19T18:16:32.193","lastModified":"2026-05-21T17:16:07.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:scadabr:scadabr:1.2:*:*:*:*:*:*:*","matchCriteriaId":"5D144655-8463-45BF-ACD3-FB5F7D49D2B2"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2026-33637","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T19:16:49.113","lastModified":"2026-05-21T20:17:04.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object (rather than a String) to Faraday::Connection#build_exclusive_url. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and enables off-host request forgery: a request built from a fixed-base Faraday::Connection can be redirected to an attacker-controlled host, forwarding connection-scoped values such as Authorization headers and default query parameters. This issue has been fixed in version 2.14.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:faraday_project:faraday:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.14.2","matchCriteriaId":"B57F79A0-B84B-45A9-8B03-34DF0951519E"}]}]}],"references":[{"url":"https://github.com/advisories/GHSA-33mh-2634-fwr2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6095","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:57.970","lastModified":"2026-05-21T16:46:48.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS).\n\nThis issue affects Orejime: from 0.0.0 before 2.0.16."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gaya:orejime:*:*:*:*:*:drupal:*:*","versionEndExcluding":"2.0.16","matchCriteriaId":"04877065-2E6F-4FAB-87AD-034F6C69266E"}]}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-032","source":"mlhess@drupal.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6871","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-19T23:16:58.467","lastModified":"2026-05-21T16:52:59.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Obfuscate allows Cross-Site Scripting (XSS).\n\nThis issue affects Obfuscate: from 0.0.0 before 2.0.2."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:obfuscate_project:obfuscate:*:*:*:*:*:drupal:*:*","versionEndExcluding":"2.0.2","matchCriteriaId":"8B56A69A-C2FE-4949-9DDE-ADFDE1BD9FAF"}]}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-033","source":"mlhess@drupal.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43617","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T02:16:36.233","lastModified":"2026-05-21T20:54:29.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-289"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.2","matchCriteriaId":"EC81F4B6-4EC5-433C-9709-E4B9E340C65A"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43618","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T02:16:36.410","lastModified":"2026-05-21T20:34:38.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.2","matchCriteriaId":"EC81F4B6-4EC5-433C-9709-E4B9E340C65A"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43619","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T02:16:36.577","lastModified":"2026-05-21T20:42:47.623","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module. Attackers with local filesystem access can exploit the timing window between path resolution and syscall execution by swapping symlinks to apply sender-supplied permissions, ownership, timestamps, or filenames to arbitrary files outside the intended module boundary on rsync daemons configured with 'use chroot = no'."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-59"},{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.2","matchCriteriaId":"EC81F4B6-4EC5-433C-9709-E4B9E340C65A"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43620","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T02:16:36.727","lastModified":"2026-05-21T20:47:19.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.2","matchCriteriaId":"EC81F4B6-4EC5-433C-9709-E4B9E340C65A"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-45232","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T02:16:36.887","lastModified":"2026-05-21T20:52:56.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.3","matchCriteriaId":"BBA148E3-868F-4A1F-AAD0-16FE15A265DC"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47783","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T07:16:15.533","lastModified":"2026-05-21T17:06:40.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.42","matchCriteriaId":"4EA02C48-8B8D-4F73-9DA2-33B1535B1AF2"}]}]}],"references":[{"url":"https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/memcached/memcached/compare/1.6.41...1.6.42","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://github.com/memcached/memcached/wiki/ReleaseNotes1642","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-47784","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T07:16:15.733","lastModified":"2026-05-21T17:06:33.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.42","matchCriteriaId":"4EA02C48-8B8D-4F73-9DA2-33B1535B1AF2"}]}]}],"references":[{"url":"https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/memcached/memcached/compare/1.6.41...1.6.42","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://github.com/memcached/memcached/wiki/ReleaseNotes1642","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-29518","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T13:16:17.040","lastModified":"2026-05-21T17:05:55.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.3","matchCriteriaId":"BBA148E3-868F-4A1F-AAD0-16FE15A265DC"}]}]}],"references":[{"url":"https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-3039","sourceIdentifier":"security-officer@isc.org","published":"2026-05-20T13:16:23.647","lastModified":"2026-05-21T15:24:27.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-771"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.16.50","matchCriteriaId":"8C7AB360-9A41-4E0A-B02A-27E3F7F5AB7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.18.0","versionEndExcluding":"9.18.49","matchCriteriaId":"49533F8C-D7B5-450A-8808-7E1C76F4FAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.23","matchCriteriaId":"D92461F1-BA01-479E-B740-38855CC216E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.22","matchCriteriaId":"B254E8E7-3F57-4552-ACBF-623FA481B697"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.18.49","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-3039","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3592","sourceIdentifier":"security-officer@isc.org","published":"2026-05-20T13:16:23.790","lastModified":"2026-05-21T15:24:25.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.  If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-408"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.11.0","versionEndIncluding":"9.16.50","matchCriteriaId":"9EC5B9B1-25F2-48CA-9E8A-59D8E81D408A"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.18.0","versionEndExcluding":"9.18.49","matchCriteriaId":"49533F8C-D7B5-450A-8808-7E1C76F4FAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.23","matchCriteriaId":"D92461F1-BA01-479E-B740-38855CC216E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.22","matchCriteriaId":"B254E8E7-3F57-4552-ACBF-623FA481B697"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.18.49","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-3592","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3593","sourceIdentifier":"security-officer@isc.org","published":"2026-05-20T13:16:23.923","lastModified":"2026-05-21T15:24:31.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.23","matchCriteriaId":"D92461F1-BA01-479E-B740-38855CC216E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.22","matchCriteriaId":"B254E8E7-3F57-4552-ACBF-623FA481B697"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.20.23","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-3593","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5946","sourceIdentifier":"security-officer@isc.org","published":"2026-05-20T13:16:40.157","lastModified":"2026-05-21T15:24:29.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-617"},{"lang":"en","value":"CWE-754"},{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.11.0","versionEndIncluding":"9.16.50","matchCriteriaId":"9EC5B9B1-25F2-48CA-9E8A-59D8E81D408A"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.18.0","versionEndExcluding":"9.18.49","matchCriteriaId":"49533F8C-D7B5-450A-8808-7E1C76F4FAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.23","matchCriteriaId":"D92461F1-BA01-479E-B740-38855CC216E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.22","matchCriteriaId":"B254E8E7-3F57-4552-ACBF-623FA481B697"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.18.49","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-5946","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5947","sourceIdentifier":"security-officer@isc.org","published":"2026-05-20T13:16:40.303","lastModified":"2026-05-21T15:24:32.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Undefined behavior may result due to a race condition leading to a use-after-free violation.  If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature.  If, during that validation, the \"recursive-clients\" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.23","matchCriteriaId":"D92461F1-BA01-479E-B740-38855CC216E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.22","matchCriteriaId":"B254E8E7-3F57-4552-ACBF-623FA481B697"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.20.23","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-5947","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5950","sourceIdentifier":"security-officer@isc.org","published":"2026-05-20T13:16:40.450","lastModified":"2026-05-21T15:24:34.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.\nThis issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-officer@isc.org","type":"Secondary","description":[{"lang":"en","value":"CWE-606"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.18.36","versionEndExcluding":"9.18.49","matchCriteriaId":"DB942412-011D-485F-AEB1-5A3F9BA84740"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.8","versionEndExcluding":"9.20.23","matchCriteriaId":"786BBEB0-8B23-45D4-B617-F6AE5BFD8119"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.7","versionEndExcluding":"9.21.21","matchCriteriaId":"CF4032B3-0505-4FC5-AA16-BB2086187785"}]}]}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.18.49","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","source":"security-officer@isc.org","tags":["Patch"]},{"url":"https://kb.isc.org/docs/cve-2026-5950","source":"security-officer@isc.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22554","sourceIdentifier":"talos-cna@cisco.com","published":"2026-05-20T14:16:38.763","lastModified":"2026-05-21T18:16:16.243","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2374","source":"talos-cna@cisco.com"},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2374","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-47068","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-20T14:17:01.557","lastModified":"2026-05-21T15:16:28.803","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.\n\n'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex reads a PubSub topic directly from params[\"topic\"] and broadcasts {:component_iframe_pid, self()} on it with no check that the topic belongs to the requesting session. The shared PhoenixStorybook.PubSub is used to coordinate playground LiveViews with their iframes: a playground subscribes to a session-specific topic and uses the received iframe pid to direct subsequent control messages (variation state, theme switches, extra-assign payloads) via send/2. Because the iframe trusts the query parameter, an attacker who loads /storybook/iframe/<story>?topic=<victim_topic> causes their iframe process pid to be announced on the victim's topic. The victim's playground then addresses its private messages to the attacker's iframe process.\n\nThis issue affects phoenix_storybook from 0.4.0 before 1.1.0."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-47068.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/commit/6ee03f1c738d4436dde1b066cf65c80663d489f5","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-mrhx-6pw9-q5fh","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-47068","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-mrhx-6pw9-q5fh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8467","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-20T14:17:04.283","lastModified":"2026-05-21T15:16:30.463","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.\n\nThe psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3 accepts arbitrary attribute names and values from unauthenticated clients. These values are passed to 'Elixir.PhoenixStorybook.Helpers.ExtraAssignsHelpers':handle_set_variation_assign/3, which stores them verbatim. When rendering, 'Elixir.PhoenixStorybook.Rendering.ComponentRenderer':attributes_markup/1 interpolates binary attribute values directly into a HEEx template string as name=\"<val>\" without escaping double quotes or HEEx expression delimiters. An attacker can supply a value containing a closing quote followed by a HEEx expression block (e.g. foo\" injected={EXPR} bar=\"), which causes EXPR to be treated as an inline Elixir expression. The resulting template is compiled via EEx.compile_string/2 and executed via Code.eval_quoted_with_env/3 with full Kernel imports and no sandbox, giving the attacker arbitrary code execution on the server.\n\nThis issue affects phoenix_storybook from 0.5.0 before 1.1.0."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-8467.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/commit/56ab8464d4375fa52db806148a06cce126ad481d","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-55hg-8qxv-qj4p","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-8467","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-55hg-8qxv-qj4p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8469","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-20T14:17:04.447","lastModified":"2026-05-21T15:16:30.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.\n\nMultiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without validation: 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':handle_set_variation_assign/3 interns every key of the psb-assign params map; 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':handle_toggle_variation_assign/3 interns the \"attr\" value from psb-toggle events; 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':to_variation_id/2 interns elements of \"variation_id\"; and 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':to_value/4 interns raw string values for attributes declared as :atom or :boolean. BEAM atoms are never garbage-collected, so each unique attacker-controlled string is a permanent allocation. Once the atom table ceiling (~1,048,576 atoms) is reached, the entire BEAM node aborts, taking down all applications running on it.\n\nThis issue affects phoenix_storybook from 0.2.0 before 1.1.0."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-8469.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/commit/96d524690af0fe197a49f60d18e564a620b9ef81","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-833p-95jq-929q","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-8469","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/phenixdigital/phoenix_storybook/security/advisories/GHSA-833p-95jq-929q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8486","sourceIdentifier":"security@progress.com","published":"2026-05-20T16:16:27.347","lastModified":"2026-05-21T18:54:37.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding.\n\nThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@progress.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.0.11","matchCriteriaId":"0D8444E8-7755-4579-8351-3059BC055832"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.7","matchCriteriaId":"F191F99D-6054-4A53-A20E-8181AFD0D483"}]}]}],"references":[{"url":"https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html","source":"security@progress.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-8487","sourceIdentifier":"security@progress.com","published":"2026-05-20T16:16:27.463","lastModified":"2026-05-21T18:56:07.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.\n\nThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@progress.com","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.0.11","matchCriteriaId":"0D8444E8-7755-4579-8351-3059BC055832"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.7","matchCriteriaId":"F191F99D-6054-4A53-A20E-8181AFD0D483"}]}]}],"references":[{"url":"https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html","source":"security@progress.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-8488","sourceIdentifier":"security@progress.com","published":"2026-05-20T16:16:27.580","lastModified":"2026-05-21T19:00:39.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.\n\nThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@progress.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.0.11","matchCriteriaId":"0D8444E8-7755-4579-8351-3059BC055832"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.7","matchCriteriaId":"F191F99D-6054-4A53-A20E-8181AFD0D483"}]}]}],"references":[{"url":"https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html","source":"security@progress.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-44923","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T17:16:24.013","lastModified":"2026-05-21T16:57:56.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"9.1.3","matchCriteriaId":"6B9304E9-399B-40DD-B806-F8E540AE1A72"}]}]}],"references":[{"url":"https://supportinfoscale.cloud.com/support-home/kbsearch/article?articleNumber=1000766080&articleTitle=InfoScale_Operations_Manager_IOM_web_application_Security_Bulletin_for_CVE_2026_44923_CVE_2026_44924_and_CVE_2026_44925","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.veritas.com/support/en_US/doc/120571566-166757640-0/viom_tot_v118836641-166757640","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44924","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T17:16:24.130","lastModified":"2026-05-21T16:57:47.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InfoScale VIOM 9.1.3 allows XSS."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"9.1.3","matchCriteriaId":"6B9304E9-399B-40DD-B806-F8E540AE1A72"}]}]}],"references":[{"url":"https://supportinfoscale.cloud.com/support-home/kbsearch/article?articleNumber=1000766080&articleTitle=InfoScale_Operations_Manager_IOM_web_application_Security_Bulletin_for_CVE_2026_44923_CVE_2026_44924_and_CVE_2026_44925","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.veritas.com/support/en_US/doc/120571566-166757640-0/viom_tot_v118836641-166757640","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44925","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T17:16:24.240","lastModified":"2026-05-21T16:57:27.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"9.1.3","matchCriteriaId":"6B9304E9-399B-40DD-B806-F8E540AE1A72"}]}]}],"references":[{"url":"https://supportinfoscale.cloud.com/support-home/kbsearch/article?articleNumber=1000766080&articleTitle=InfoScale_Operations_Manager_IOM_web_application_Security_Bulletin_for_CVE_2026_44923_CVE_2026_44924_and_CVE_2026_44925","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.veritas.com/support/en_US/doc/120571566-166757640-0/viom_tot_v118836641-166757640","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20238","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T18:16:26.393","lastModified":"2026-05-21T15:00:46.010","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0502","source":"psirt@cisco.com"}]}},{"cve":{"id":"CVE-2026-20239","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T18:16:26.520","lastModified":"2026-05-21T19:42:21.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.5","matchCriteriaId":"D5A01879-50A5-4266-A08C-F55584F442ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.2","matchCriteriaId":"9F3A147D-2A67-469A-A223-248DEFB413E0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.2503","versionEndExcluding":"10.0.2503.13","matchCriteriaId":"D5C098C2-9ED5-41B4-BE57-984B71027144"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.2507","versionEndExcluding":"10.1.2507.21","matchCriteriaId":"2C302734-E81B-49DE-B3D6-ACD20DD3A57A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.2510","versionEndExcluding":"10.2.2510.11","matchCriteriaId":"5F7423BE-EADA-4D07-A021-D0F9EBBF966F"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.3.2512","versionEndExcluding":"10.3.2512.8","matchCriteriaId":"8E24DFCE-B632-49F0-9198-A21636FC3D59"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0503","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20240","sourceIdentifier":"psirt@cisco.com","published":"2026-05-20T18:16:26.637","lastModified":"2026-05-21T19:40:59.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.3.12","matchCriteriaId":"22F3493D-997F-40A9-A5A9-4B4250603E8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"9.4.11","matchCriteriaId":"41BB20C9-CF42-4222-8664-74104A2D98E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.5","matchCriteriaId":"D5A01879-50A5-4266-A08C-F55584F442ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.2","matchCriteriaId":"9F3A147D-2A67-469A-A223-248DEFB413E0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.2411","versionEndExcluding":"9.3.2411.129","matchCriteriaId":"ED26E5C7-F23C-4FB8-9B9C-509987065586"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.2503","versionEndExcluding":"10.0.2503.13","matchCriteriaId":"D5C098C2-9ED5-41B4-BE57-984B71027144"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.2507","versionEndExcluding":"10.1.2507.21","matchCriteriaId":"2C302734-E81B-49DE-B3D6-ACD20DD3A57A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.2510","versionEndExcluding":"10.2.2510.11","matchCriteriaId":"5F7423BE-EADA-4D07-A021-D0F9EBBF966F"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.3.2512","versionEndExcluding":"10.3.2512.9","matchCriteriaId":"BECCFE49-3763-435F-B5E2-26A7546E17CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:10.4.2603:*:*:*:*:*:*:*","matchCriteriaId":"C405F2EE-1E1E-45EA-ACB4-E5F5AE4811EB"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0504","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30691","sourceIdentifier":"cve@mitre.org","published":"2026-05-20T18:16:26.760","lastModified":"2026-05-21T16:08:18.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/cyntler/react-doc-viewer/issues/317","source":"cve@mitre.org"},{"url":"https://github.com/walidriouah/CVE-2026-30691","source":"cve@mitre.org"},{"url":"https://github.com/walidriouah/CVE-2026-30691","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-23734","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:36.027","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The vulnerability is can be exploited via resources parameter the ssx and jsx endpoints by using leading slashes. This issue has been patched in 18.1.0-rc-1, 17.10.3, 17.4.9, 16.10.17."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/xwiki/xwiki-commons/commit/a979cafd89f6a9c9c0b9ab19744d672df64429bf","source":"security-advisories@github.com"},{"url":"https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-xq3r-2qv5-vqqm","source":"security-advisories@github.com"},{"url":"https://jira.xwiki.org/browse/XCOMMONS-3547","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-24188","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T20:16:36.203","lastModified":"2026-05-21T15:26:35.653","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24188","source":"psirt@nvidia.com"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5836","source":"psirt@nvidia.com"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24188","source":"psirt@nvidia.com"}]}},{"cve":{"id":"CVE-2026-24216","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T20:16:36.350","lastModified":"2026-05-21T20:08:32.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:bionemo_framework:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-04-03","matchCriteriaId":"F88658A3-88E0-4972-931D-333FB874CD4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24216","source":"psirt@nvidia.com","tags":["US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5831","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24216","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24217","sourceIdentifier":"psirt@nvidia.com","published":"2026-05-20T20:16:36.487","lastModified":"2026-05-21T20:08:20.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering."}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Primary","description":[{"lang":"en","value":"CWE-29"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:bionemo_framework:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-04-03","matchCriteriaId":"F88658A3-88E0-4972-931D-333FB874CD4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24217","source":"psirt@nvidia.com","tags":["US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5831","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24217","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-26028","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:36.760","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of <iframe>, <video>, and <audio> elements, leaving all other attributes unchecked. As a result, an attacker can inject arbitrary HTML through srcdoc, completely defeating CryptPad's intended bounce sandboxing and enabling link injection or other interactive content within user-controlled documents. The root cause lies in how the sanitizer classifies and enforces tag restrictions: although it defines both forbidden and restricted tag lists, <iframe> is treated as \"restricted\" rather than \"forbidden.\" Enforcement then inspects only the src attribute, so pairing a benign blob: src with a malicious srcdoc results in unrestricted rendering. This issue has been fixed in version 2026.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/cryptpad/cryptpad/releases/tag/2026.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/cryptpad/cryptpad/security/advisories/GHSA-g2g4-47gv-p72v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-2812","sourceIdentifier":"psirt@esri.com","published":"2026-05-20T20:16:36.930","lastModified":"2026-05-21T18:56:21.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This issue affects ArcGIS Server 12.0 and earlier."}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@esri.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1","versionEndIncluding":"12.0","matchCriteriaId":"330075C0-D0B5-40C9-B384-37764EB8D139"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin","source":"psirt@esri.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2813","sourceIdentifier":"psirt@esri.com","published":"2026-05-20T20:16:37.087","lastModified":"2026-05-21T18:54:30.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulting in a limited confidentiality impact under specific user interaction conditions.\nThe vulnerability affects only the client side navigation logic during authentication and remains confined to the same security boundary. No server side compromise or cross component impact is possible.  This issue affects ArcGIS Server 11.5."}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:arcgis_server:11.5:*:*:*:*:*:*:*","matchCriteriaId":"3DA8FA85-B1E7-4474-814F-BA53E386096C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin","source":"psirt@esri.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33137","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:37.567","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/{wikiName} API executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki. This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and 18.1.0-rc-1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/4b7b95b79256374d487e9ece1dc48f527966990f","source":"security-advisories@github.com"},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qrvh-r3f2-9h4r","source":"security-advisories@github.com"},{"url":"https://jira.xwiki.org/browse/XWIKI-23953","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-35007","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:37.743","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers can craft a malicious URL containing a JavaScript payload in the id parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-single-unit-php-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35008","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:37.910","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into an HTML attribute. Attackers can craft a malicious URL containing a JavaScript payload in the id parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-single-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35009","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.063","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attackers can craft a malicious URL containing a JavaScript payload in the ticket_id parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-add-note-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35010","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.207","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a JavaScript variable assignment. Attackers can craft a malicious URL containing a JavaScript payload in the ticket_id parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-patient-jf-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35011","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.350","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_call GET parameter directly into page output. Attackers can craft a malicious URL containing a JavaScript payload in the frm_call parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-opena-php-frm-call-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35012","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.493","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attackers can craft a malicious URL containing a JavaScript payload in the ticket_id parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-add-facnote-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35013","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.640","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments. Attackers can craft a malicious URL containing a JavaScript payload in either parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-street-view-php-thelat-and-thelng-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35014","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.780","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attackers can craft a malicious URL containing a JavaScript payload in the ticket_id parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-routes-nm-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35015","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:38.930","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable assignment. Attackers can craft a malicious URL containing a JavaScript payload in the the_ticket parameter that executes in the victim's browser when the URL is visited."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-do-unit-mail-php-the-ticket-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-35016","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:39.070","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_query POST parameter directly into an HTML input field VALUE attribute. Attackers can craft a malicious request containing a JavaScript payload in the frm_query parameter that executes in the victim's browser when submitted."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-search-php-frm-query-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-39310","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:39.213","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment. When Trilium detects an Electron environment, it explicitly disables authentication middleware for the Clipper API, exposing endpoints such as /api/clipper/notes to the network with no password, API token, or CSRF protection. An attacker on a shared network (for example, a corporate LAN or public Wi-Fi) can scan for open high-range ports using a tool like nmap, since Trilium often binds to ports such as 37840. Once a candidate port is found, an unauthenticated request to the Clipper handshake endpoint, which also bypasses authentication, confirms a Trilium instance by returning the application name and protocol version. This facilitates unauthorized data access, phishing, and local system compromise. The issue has been fixed in version 0.102.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/TriliumNext/Trilium/releases/tag/v0.102.2","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-jcvx-vc83-cppw","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-jcvx-vc83-cppw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39311","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:39.363","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a publicly reachable backend execution API results in an unauthenticated Remote Code Execution (RCE). The vulnerability arises from an insecure-by-design architecture: Trilium serves SVG attachments with the image/svg+xml MIME type without any sanitization, and it explicitly disables Helmet's Content Security Policy middleware, removing the primary defense against script execution in served assets. Because the malicious SVG runs under the Same-Origin Policy, it can issue a fetch('/') to extract the csrfToken from the document body. With that token, it can send a signed request to /api/script/exec to execute arbitrary Node.js code on the server. An attacker can compromise the entire server instance simply by tricking an authenticated user into viewing a shared SVG attachment. The issue has been fixed in version 0.102.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.3}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/TriliumNext/Trilium/releases/tag/v0.102.2","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-p837-cxw3-m964","source":"security-advisories@github.com"},{"url":"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-p837-cxw3-m964","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39352","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:39.537","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/frappe/frappe/releases/tag/v16.15.0","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/frappe/security/advisories/GHSA-67rf-pxgh-vfqv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-39405","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:39.697","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/frappe/lms/releases/tag/v2.50.1","source":"security-advisories@github.com"},{"url":"https://github.com/frappe/lms/security/advisories/GHSA-mxh7-g3r7-g96h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-39850","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T20:16:39.850","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls extract($_params_, EXTR_OVERWRITE) before the require statement that loads the view file. As a result, a caller-controlled _file_ key in the $params array overwrites the internal local variable specifying which file to include, potentially enabling RCE if an attacker can write PHP files through a separate primitive, as well as information disclosure. This issue has been fixed in version 2.0.55."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://github.com/yiisoft/yii2/commit/109878b491dbffa541032bc99fb5e26d12cd0375","source":"security-advisories@github.com"},{"url":"https://github.com/yiisoft/yii2/security/advisories/GHSA-5vpg-rj7q-qpw2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45444","sourceIdentifier":"audit@patchstack.com","published":"2026-05-20T20:16:40.680","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.\n\nThis issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/giftware/vulnerability/wordpress-gift-cards-for-woocommerce-pro-plugin-4-2-6-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-47099","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:41.063","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse() function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious _constructor-name_ property value. The custom reviver passes the constructor name directly to new Function() without sanitization when recreating object prototypes, enabling attackers to inject arbitrary JavaScript through vectors such as postMessage in cross-frame communication contexts to achieve script execution within the application."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Niccolo10/Security-Advisories/blob/main/CVE-2026-47099/cve-2026-47099.md","source":"disclosure@vulncheck.com"},{"url":"https://github.com/storybookjs/telejson/security/advisories/GHSA-ccgf-5rwj-j3hv","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/telejson-dom-based-xss-via-parse-function","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-9102","sourceIdentifier":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","published":"2026-05-20T20:16:41.513","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended temporary upload directory and write arbitrary files to any location on the server filesystem.\n\n\n\n\nBecause content-controlled files can be written to web-accessible directories, this can be escalated to remote code execution in the context of the service account. It can also be used to overwrite application binaries or configuration files, leading to service takeover or denial of service."}],"metrics":{"cvssMetricV40":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://www.altium.com/platform/security-compliance/security-advisories","source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79"}]}},{"cve":{"id":"CVE-2026-9110","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:41.683","lastModified":"2026-05-21T16:56:51.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/503551154","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9111","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:41.870","lastModified":"2026-05-21T16:56:46.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/504551032","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9112","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:42.043","lastModified":"2026-05-21T16:56:43.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/489791425","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9113","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:42.227","lastModified":"2026-05-21T16:56:38.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/489585044","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9114","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:42.427","lastModified":"2026-05-21T16:56:26.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/495798630","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9115","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:42.640","lastModified":"2026-05-21T16:56:21.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/495999481","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9116","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:42.843","lastModified":"2026-05-21T16:56:15.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497436273","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9117","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:43.020","lastModified":"2026-05-21T16:45:44.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/497542537","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9118","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:43.200","lastModified":"2026-05-21T16:45:19.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.178","matchCriteriaId":"714402A1-8826-4172-944F-6F42DABE1B33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498702233","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9119","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:43.387","lastModified":"2026-05-21T16:44:34.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.178","matchCriteriaId":"714402A1-8826-4172-944F-6F42DABE1B33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/502661101","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9120","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:43.600","lastModified":"2026-05-21T16:41:34.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.178","matchCriteriaId":"714402A1-8826-4172-944F-6F42DABE1B33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/504620824","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9121","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:44.807","lastModified":"2026-05-21T16:35:19.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.178","matchCriteriaId":"714402A1-8826-4172-944F-6F42DABE1B33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/488064108","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9122","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:44.987","lastModified":"2026-05-21T16:32:38.303","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/489579953","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9123","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:45.170","lastModified":"2026-05-21T16:31:56.420","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/495988507","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9124","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:45.360","lastModified":"2026-05-21T16:25:53.063","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496375695","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9126","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-20T20:16:45.540","lastModified":"2026-05-21T16:23:01.260","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.179","matchCriteriaId":"54547EDD-BD16-4660-95A4-BC69F64E4C3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/496280532","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-9129","sourceIdentifier":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","published":"2026-05-20T20:16:45.717","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path (such as an encoded drive letter) in a Viewer storage API request, causing the configured storage root to be discarded and allowing arbitrary files to be read from the server filesystem.\n\n\n\n\n\n\n\n\nBecause the readable files include the server's master configuration, which stores database credentials, signing key locations, certificate passwords, and OAuth secrets, exploitation can lead to disclosure of all server secrets and full compromise of the server and its data. Cloud deployments are not affected, as they use object storage and do not enable this component."}],"metrics":{"cvssMetricV40":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.altium.com/platform/security-compliance/security-advisories","source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79"}]}},{"cve":{"id":"CVE-2026-9133","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-05-20T20:16:45.860","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. \n\n\n\nTo remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-489"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-034-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/amazon-mq/rabbitmq-aws/releases/tag/0.2.1","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/amazon-mq/rabbitmq-aws/security/advisories/GHSA-8554-wg4r-7hxm","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-9136","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-20T20:16:46.013","lastModified":"2026-05-21T16:04:33.830","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update an existing record, an authenticated user able to submit shadow attribute proposals could provide the identifier of an existing ShadowAttribute and cause that record to be updated instead of creating a new proposal.\n\n\n\n\nThis can result in unauthorized modification of existing shadow attributes, potentially affecting proposals associated with events the user should not be able to alter. Depending on deployment configuration and accessible API responses, the issue may also expose or move proposal data across event contexts.\n\n\n\n\nThe vulnerability is caused by trusting a client-supplied primary key during object creation. The fix removes the id field from incoming ShadowAttribute data before processing, ensuring that the endpoint always creates a new proposal rather than updating an existing one. This has been fixed in MISP 2.5.38."}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/49911b1d4b6e4517d803e50e3d980aaa4d37c16d","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-9137","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-20T20:16:46.177","lastModified":"2026-05-21T16:04:33.830","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding."}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/02932cccab230b295afcaf5aa05e363d30db0ec9","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-9139","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:46.323","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-hard-coded-credentials-via-login-zhtml","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-9141","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:46.480","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-authentication-bypass-via-web-interface","source":"disclosure@vulncheck.com"},{"url":"https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9144","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-20T20:16:46.640","lastModified":"2026-05-21T15:17:59.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":5.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-stored-xss-via-web-configuration-interface","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-47373","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-20T21:16:17.853","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.\n\nThese versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"references":[{"url":"https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/21","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-8631","sourceIdentifier":"hp-security-alert@hp.com","published":"2026-05-20T21:16:18.090","lastModified":"2026-05-21T18:58:41.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data."}],"metrics":{"cvssMetricV40":[{"source":"hp-security-alert@hp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"hp-security-alert@hp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.4","matchCriteriaId":"3970DF91-7CF0-4C50-9CA9-C4CB6C4EF403"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8632","sourceIdentifier":"hp-security-alert@hp.com","published":"2026-05-20T21:16:18.233","lastModified":"2026-05-21T18:58:59.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection."}],"metrics":{"cvssMetricV40":[{"source":"hp-security-alert@hp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"hp-security-alert@hp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.4","matchCriteriaId":"3970DF91-7CF0-4C50-9CA9-C4CB6C4EF403"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39960","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T22:16:36.563","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, (bug_update_page.php) allowing an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. This facilitates session theft, leading to admin account takeover, full project data access. In order to exploit this issue, a textarea-type custom field must be configured for the project, the attack must be carried out by an authenticated user with bug report permission (low privilege). This can affect any user viewing the bug edit form, including administrators. The issue has been fixed in version 2.28.2. If users cannot immediately upgrade, they can work around the issue by using the default Content-Security Policy, which blocks script execution."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-qj6w-v29q-4rgx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-40092","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T22:16:36.850","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned<ValidatorRecord, KeyPair> with a signature field whose byte length is not exactly 64 in order to cause a crash. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches Ed25519Signature::from_bytes(sig).unwrap() in the TaggedPublicKey implementation for Ed25519PublicKey. The from_bytes call fails because ed25519_zebra::Signature::try_from rejects slices not 64 bytes, and the unwrap() panics. The BLS TaggedPublicKey implementation correctly returns false on error; only the Ed25519 implementation panics. This issue has been fixed in version 1.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-252"}]}],"references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/807ee8e99a7ccdc604d49971f292854bfa36754d","source":"security-advisories@github.com"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3708","source":"security-advisories@github.com"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-27w2-87xv-37c6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-40094","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T22:16:36.993","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can legally contain an empty addresses list (no intrinsic validation enforces non-empty). Later, PeerContactBook::known_peers builds an address book by taking addresses.first().expect(\"every peer should have at least one address\"). If the attacker has inserted a signed peer contact with addresses=[], any call to get_address_book (RPC/web client) can panic and crash the node/RPC task depending on panic settings. This issue has been fixed in version 1.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://github.com/nimiq/core-rs-albatross/pull/3715","source":"security-advisories@github.com"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-c45m-6x25-3cjq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-40102","sourceIdentifier":"security-advisories@github.com","published":"2026-05-20T22:16:37.130","lastModified":"2026-05-21T16:56:03.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike the regular AnalyticsEndpoint, which checks against an allowlist), causing ORM Field Reference Injection. An authenticated workspace MEMBER can send GET /api/workspaces/<slug>/saved-analytic-view/<analytic_id>/ with a crafted segment value that is forwarded into build_graph_plot() and traverses foreign-key relationships (e.g. workspace__owner__password) before being projected via .values(\"dimension\", \"segment\"), returning the referenced field values directly in the JSON response. This exposes sensitive data such as bcrypt password hashes, API tokens, and related users' email addresses, making it a stronger primitive than the related order_by injection where values are only leaked through ordering. This issue has been fixed in version 1.3.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.1","matchCriteriaId":"A9A615E7-04A3-47E9-9C21-A421BC836221"}]}]}],"references":[{"url":"https://github.com/makeplane/plane/releases/tag/v1.3.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/makeplane/plane/security/advisories/GHSA-93x3-ghh7-72j3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/makeplane/plane/security/advisories/GHSA-93x3-ghh7-72j3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47372","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-20T22:16:37.270","lastModified":"2026-05-21T16:04:53.813","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.\n\nThese versions use the built-in rand function, which is predictable and unsuitable for cryptography."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/22","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-47782","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-05-20T23:16:35.773","lastModified":"2026-05-21T16:08:18.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Android App \"RoboForm Password Manager\" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor notification."}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Primary","description":[{"lang":"en","value":"CWE-357"}]}],"references":[{"url":"https://jvn.jp/en/vu/JVNVU93461473/","source":"vultures@jpcert.or.jp"},{"url":"https://play.google.com/store/apps/details?id=com.siber.roboform","source":"vultures@jpcert.or.jp"},{"url":"https://www.roboform.com/news-android","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-9150","sourceIdentifier":"secalert@redhat.com","published":"2026-05-20T23:16:36.010","lastModified":"2026-05-21T15:26:35.653","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9150","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460379","source":"secalert@redhat.com"},{"url":"https://github.com/openSUSE/libsolv/pull/616","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-40165","sourceIdentifier":"security-advisories@github.com","published":"2026-05-21T00:16:28.290","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it was possible for an attacker to trick authentik into only seeing a part of the NameID value, potentially allowing an attacker to gain access to other accounts. This issue could be exploited on an authentik instance with a SAML Source, where the attacker had an account on the SAML Source and the ability to modify their NameID value (commonly username or E-mail), and XML Signing was enabled. The attacker could modify the SAML assertion given to authentik by injecting a comment within the NameID value, which effectively truncated the NameID value to the snippet before the comment, and gave the attacker access to any user account. This issue has been fixed in versions 2025.12.5 and 2026.2.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-91"},{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/goauthentik/authentik/commit/47dec5c6b7fb4a62bfad2ae8bddf002bde7ba774","source":"security-advisories@github.com"},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.5","source":"security-advisories@github.com"},{"url":"https://github.com/goauthentik/authentik/security/advisories/GHSA-9wj8-xv4r-qwrp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-9149","sourceIdentifier":"secalert@redhat.com","published":"2026-05-21T00:16:35.630","lastModified":"2026-05-21T15:26:35.653","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS)."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9149","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460380","source":"secalert@redhat.com"},{"url":"https://github.com/openSUSE/libsolv/pull/617","source":"secalert@redhat.com"},{"url":"https://github.com/openSUSE/libsolv/pull/617","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-1881","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T02:16:32.437","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disclose any private post metadata."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fbroadstreet/tags/1.52.2&new_path=%2Fbroadstreet/tags/1.53.2","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/328ccf8f-797b-4b1a-b0f1-afd8e44f41e6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-48172","sourceIdentifier":"cve@mitre.org","published":"2026-05-21T02:16:33.760","lastModified":"2026-05-21T18:16:17.340","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE \"cpanel_jsonapi_func=redisAble\" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7."}],"metrics":{"cvssMetricV40":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel","source":"cve@mitre.org"},{"url":"https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-9152","sourceIdentifier":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","published":"2026-05-21T02:16:33.943","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's identifier can interact with that workspace's search index, crossing tenant boundaries.\n\n\n\n\nSuccessful exploitation allows reading a workspace's indexed contents (such as component data, project and folder names, and user metadata) and injecting, modifying, or deleting search index entries. These operations affect the search index only, not the underlying vault data, but they can disclose sensitive workspace information and compromise the integrity and availability of search results. Altium 365 cloud deployments are affected; on-premise Altium Enterprise Server is not affected."}],"metrics":{"cvssMetricV40":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.altium.com/platform/security-compliance/security-advisories","source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79"}]}},{"cve":{"id":"CVE-2026-4811","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T04:16:31.133","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wpb-floating-menu-or-categories/tags/1.0.8/admin/category-icon.php#L41","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/961702ff-60fb-41ff-99b0-a37ade051083?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1543","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T05:16:22.257","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user (typically an administrator) accesses a page displaying dynamic user data (such as via the Dynamic Data feature pulling user biographical information)."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://avada.com/documentation/avada-changelog/","source":"security@wordfence.com"},{"url":"https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/72a6b040-ed02-4561-82f2-4adb820bdf7d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-2734","sourceIdentifier":"security@huntr.dev","published":"2026-05-21T05:16:22.723","lastModified":"2026-05-21T16:08:27.133","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability can expose sensitive information such as model names, version descriptions, source URIs, tags, and other metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The issue is resolved in version 3.10.0."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/6989066af33fdcb03588fd71a1a67f8fc5ef12c9","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/d632f783-b2c7-4a3b-af5e-1d693e841c08","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/d632f783-b2c7-4a3b-af5e-1d693e841c08","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-6279","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T05:16:23.770","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp_conditional_tags` case in `Fusion_Builder_Conditional_Render_Helper::get_value()` passing attacker-controlled values from a base64-decoded JSON blob directly to `call_user_func()` without any allowlist validation. This is exploitable by unauthenticated attackers through the `fusion_get_widget_markup` AJAX endpoint, which is registered for non-privileged (unauthenticated) users via `wp_ajax_nopriv_fusion_get_widget_markup`. The endpoint is protected only by a nonce (`fusion_load_nonce`), but this nonce is generated for user ID 0 and is deterministically exposed in the JavaScript output of any public-facing page containing a Post Cards (`[fusion_post_cards]`) or Table of Contents (`[fusion_table_of_contents]`) element. This makes it possible for unauthenticated attackers to execute arbitrary code on affected sites."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://avada.com/documentation/avada-changelog/","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/tags/3.15.0/inc/class-fusion-builder.php#L7551","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/tags/3.15.0/inc/helpers/class-fusion-builder-conditional-render-helper.php#L1083","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/tags/3.15.0/inc/helpers/class-fusion-builder-conditional-render-helper.php#L1531","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/tags/3.15.0/shortcodes/fusion-widget.php#L389","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/tags/3.15.0/shortcodes/fusion-widget.php#L44","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/trunk/inc/class-fusion-builder.php#L7551","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/trunk/inc/helpers/class-fusion-builder-conditional-render-helper.php#L1083","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/trunk/inc/helpers/class-fusion-builder-conditional-render-helper.php#L1531","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/trunk/shortcodes/fusion-widget.php#L389","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/trunk/shortcodes/fusion-widget.php#L44","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5dc72d78-d47c-4b36-8d69-8672e15ddf8c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-44047","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.173","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44047","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44048","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.360","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44048","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44049","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.473","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44049","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44050","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.580","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44050","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44051","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.690","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44051","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44052","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.800","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44052","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44053","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:20.910","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44053","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44054","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.017","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44054","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44055","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.137","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44055","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44056","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.247","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":4.7}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44056","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44058","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.353","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44058","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44059","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.467","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":3.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44059","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44060","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.577","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44060","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44061","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.687","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44061","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44062","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.797","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44062","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44063","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:21.907","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44063","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44064","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.020","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44064","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44065","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.143","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44065","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44066","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.253","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44066","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44067","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.363","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44067","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44068","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.473","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44068","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44069","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.583","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":3.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44069","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44070","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.693","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44070","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44072","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.807","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":2.5}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44072","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44073","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:22.913","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-273"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44073","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44076","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:23.023","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44076","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-4055","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-21T08:16:23.130","lastModified":"2026-05-21T19:45:43.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request. Mattermost Advisory ID: MMSA-2026-00629"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.17","matchCriteriaId":"F9018E52-5C7F-4E59-B637-604B8EECD974"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.5","matchCriteriaId":"DF287562-A912-43DD-8FAC-0CD8EC7BEF7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.2","matchCriteriaId":"AFCFC389-02A5-45CD-8EEB-9ED208C0EE83"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7835","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:23.277","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-134"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-7835","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-7836","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T08:16:23.403","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-682"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-7836","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-22880","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-21T09:16:26.510","lastModified":"2026-05-21T15:26:35.653","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO code exchange flow through the mobile application. Mattermost Advisory ID: MMSA-2025-00564"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.0}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com"}]}},{"cve":{"id":"CVE-2026-27349","sourceIdentifier":"audit@patchstack.com","published":"2026-05-21T09:16:26.647","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Mail Mint: from n/a through 1.19.5."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-497"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/mail-mint/vulnerability/wordpress-mail-mint-plugin-1-19-5-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27393","sourceIdentifier":"audit@patchstack.com","published":"2026-05-21T09:16:26.780","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects CF7 WOW Styler: from n/a through 1.7.6."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/cf7-styler/vulnerability/wordpress-cf7-wow-styler-plugin-1-7-6-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-44057","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T09:16:27.930","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-561"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44057","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44071","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T09:16:29.340","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44071","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44074","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T09:16:29.650","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-682"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44074","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-44075","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T09:16:29.770","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-484"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-44075","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-4858","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-21T09:16:30.143","lastModified":"2026-05-21T19:43:31.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user  to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action URL.. Mattermost Advisory ID: MMSA-2026-00640"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.15","matchCriteriaId":"6696A83A-CD06-45BD-A4C1-16A09C4CA15B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.0","versionEndExcluding":"11.4.5","matchCriteriaId":"AB489375-1F54-4A24-AE2C-37D92B27FF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.4","matchCriteriaId":"617D4791-A087-42E8-BF73-B39B30CB29C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6287452E-C8F4-4266-BBF9-0F839115215A"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7837","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-21T09:16:30.803","lastModified":"2026-05-21T15:20:19.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions."}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://netatalk.io/security/CVE-2026-7837","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-9157","sourceIdentifier":"09832df1-09c1-45b4-8a85-16c601d30feb","published":"2026-05-21T09:16:30.930","lastModified":"2026-05-21T15:24:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.\n\nThis issue affects Web Fax: from 3.0 before 3.1."}],"metrics":{"cvssMetricV40":[{"source":"09832df1-09c1-45b4-8a85-16c601d30feb","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"09832df1-09c1-45b4-8a85-16c601d30feb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"09832df1-09c1-45b4-8a85-16c601d30feb","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://www.gmission.co.kr/fax1","source":"09832df1-09c1-45b4-8a85-16c601d30feb"}]}},{"cve":{"id":"CVE-2026-28764","sourceIdentifier":"talos-cna@cisco.com","published":"2026-05-21T10:16:25.090","lastModified":"2026-05-21T19:16:52.123","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-823"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2371","source":"talos-cna@cisco.com"},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2371","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-39461","sourceIdentifier":"secteam@freebsd.org","published":"2026-05-21T10:16:25.320","lastModified":"2026-05-21T19:01:35.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available.  However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024).\n\nAn attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption.  If the target application runs with setuid root privileges, this could be used to escalate local privileges."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*","matchCriteriaId":"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*","matchCriteriaId":"9F83F91B-587A-433C-99DB-0D63E267FF16"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*","matchCriteriaId":"44B9C2FC-756E-459F-8E68-C2C2B8C258AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*","matchCriteriaId":"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*","matchCriteriaId":"53D73FD2-4B06-47D3-BA2A-4363E9DE3565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*","matchCriteriaId":"D726890B-E679-43A9-A211-D5C05BBE3941"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*","matchCriteriaId":"047E7EE9-FB51-4CF2-A8BE-484BFD819565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*","matchCriteriaId":"2C9768AE-9954-4B2A-9525-D7D4942406E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*","matchCriteriaId":"F8B9EF55-3755-452A-B067-043803099B22"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:22.libcasper.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41999","sourceIdentifier":"security@open-xchange.com","published":"2026-05-21T10:16:25.433","lastModified":"2026-05-21T15:27:51.530","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Behaviour of Views with TCP PROXY Requests"}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42000","sourceIdentifier":"security@open-xchange.com","published":"2026-05-21T10:16:25.563","lastModified":"2026-05-21T15:27:51.530","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Validation of Names During AXFR"}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42001","sourceIdentifier":"security@open-xchange.com","published":"2026-05-21T10:16:25.683","lastModified":"2026-05-21T15:27:51.530","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Validation of Autoprimary SOA Queries"}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42002","sourceIdentifier":"security@open-xchange.com","published":"2026-05-21T10:16:25.800","lastModified":"2026-05-21T15:27:51.530","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Concurrency and locking defects in GSS-TSIG"}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-364"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42396","sourceIdentifier":"security@open-xchange.com","published":"2026-05-21T10:16:25.927","lastModified":"2026-05-21T15:27:51.530","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail"}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-45251","sourceIdentifier":"secteam@freebsd.org","published":"2026-05-21T10:16:26.043","lastModified":"2026-05-21T19:01:22.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor.  Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked.  In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object.\n\nIn the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it.  When the blocked thread is subsequently woken, it accesses memory that has already been freed resulting in a use-after-free vulnerability.\n\nThe use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*","matchCriteriaId":"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*","matchCriteriaId":"9F83F91B-587A-433C-99DB-0D63E267FF16"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*","matchCriteriaId":"44B9C2FC-756E-459F-8E68-C2C2B8C258AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*","matchCriteriaId":"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*","matchCriteriaId":"53D73FD2-4B06-47D3-BA2A-4363E9DE3565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*","matchCriteriaId":"D726890B-E679-43A9-A211-D5C05BBE3941"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*","matchCriteriaId":"047E7EE9-FB51-4CF2-A8BE-484BFD819565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*","matchCriteriaId":"2C9768AE-9954-4B2A-9525-D7D4942406E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*","matchCriteriaId":"F8B9EF55-3755-452A-B067-043803099B22"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:19.file.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45252","sourceIdentifier":"secteam@freebsd.org","published":"2026-05-21T10:16:26.157","lastModified":"2026-05-21T19:01:09.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file.  The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings.  The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated.\n\nIf a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer.  A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":4.2}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*","matchCriteriaId":"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*","matchCriteriaId":"9F83F91B-587A-433C-99DB-0D63E267FF16"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*","matchCriteriaId":"44B9C2FC-756E-459F-8E68-C2C2B8C258AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*","matchCriteriaId":"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*","matchCriteriaId":"53D73FD2-4B06-47D3-BA2A-4363E9DE3565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*","matchCriteriaId":"D726890B-E679-43A9-A211-D5C05BBE3941"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*","matchCriteriaId":"047E7EE9-FB51-4CF2-A8BE-484BFD819565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*","matchCriteriaId":"2C9768AE-9954-4B2A-9525-D7D4942406E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*","matchCriteriaId":"F8B9EF55-3755-452A-B067-043803099B22"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:20.fusefs.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45253","sourceIdentifier":"secteam@freebsd.org","published":"2026-05-21T10:16:26.270","lastModified":"2026-05-21T19:01:01.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls.  As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.\n\nThe missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*","matchCriteriaId":"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*","matchCriteriaId":"9F83F91B-587A-433C-99DB-0D63E267FF16"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*","matchCriteriaId":"44B9C2FC-756E-459F-8E68-C2C2B8C258AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*","matchCriteriaId":"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*","matchCriteriaId":"53D73FD2-4B06-47D3-BA2A-4363E9DE3565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*","matchCriteriaId":"D726890B-E679-43A9-A211-D5C05BBE3941"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*","matchCriteriaId":"047E7EE9-FB51-4CF2-A8BE-484BFD819565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*","matchCriteriaId":"2C9768AE-9954-4B2A-9525-D7D4942406E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*","matchCriteriaId":"F8B9EF55-3755-452A-B067-043803099B22"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45254","sourceIdentifier":"secteam@freebsd.org","published":"2026-05-21T10:16:26.380","lastModified":"2026-05-21T19:00:47.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as \"allow any\" instead of being rejected.\n\nIn certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*","matchCriteriaId":"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*","matchCriteriaId":"9F83F91B-587A-433C-99DB-0D63E267FF16"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*","matchCriteriaId":"44B9C2FC-756E-459F-8E68-C2C2B8C258AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*","matchCriteriaId":"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*","matchCriteriaId":"53D73FD2-4B06-47D3-BA2A-4363E9DE3565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*","matchCriteriaId":"D726890B-E679-43A9-A211-D5C05BBE3941"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*","matchCriteriaId":"047E7EE9-FB51-4CF2-A8BE-484BFD819565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*","matchCriteriaId":"2C9768AE-9954-4B2A-9525-D7D4942406E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*","matchCriteriaId":"F8B9EF55-3755-452A-B067-043803099B22"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:24.cap_net.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45255","sourceIdentifier":"secteam@freebsd.org","published":"2026-05-21T10:16:26.497","lastModified":"2026-05-21T19:00:34.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network.  This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell.  As a result, a suitably crafted network name can be used to execute commands via a subshell.\n\nThe problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig.  The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan.  Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"secteam@freebsd.org","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*","matchCriteriaId":"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*","matchCriteriaId":"9F83F91B-587A-433C-99DB-0D63E267FF16"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*","matchCriteriaId":"44B9C2FC-756E-459F-8E68-C2C2B8C258AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*","matchCriteriaId":"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*","matchCriteriaId":"53D73FD2-4B06-47D3-BA2A-4363E9DE3565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*","matchCriteriaId":"D726890B-E679-43A9-A211-D5C05BBE3941"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*","matchCriteriaId":"047E7EE9-FB51-4CF2-A8BE-484BFD819565"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*","matchCriteriaId":"2C9768AE-9954-4B2A-9525-D7D4942406E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*","matchCriteriaId":"F8B9EF55-3755-452A-B067-043803099B22"}]}]}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:23.bsdinstall.asc","source":"secteam@freebsd.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0393","sourceIdentifier":"info@cert.vde.com","published":"2026-05-21T12:16:19.810","lastModified":"2026-05-21T16:04:33.830","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2026-45760","sourceIdentifier":"security@apache.org","published":"2026-05-21T13:16:19.840","lastModified":"2026-05-21T19:16:53.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.\n\nThis issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-610"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-45760.html","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/21/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-5118","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T13:16:20.013","lastModified":"2026-05-21T15:19:30.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured default_user_role setting. This makes it possible for unauthenticated attackers to create administrator accounts by tampering with the role parameter during registration."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://diviengine.com/divi-form-builder-changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/72154404-f956-4ea2-96ec-166ade87885f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6841","sourceIdentifier":"cvd@cert.pl","published":"2026-05-21T13:16:20.273","lastModified":"2026-05-21T16:04:33.830","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the \"Page\" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.\n\nThis vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-6841","source":"cvd@cert.pl"},{"url":"https://docs.bestpractical.com/release-notes/rt/5.0.10","source":"cvd@cert.pl"},{"url":"https://docs.bestpractical.com/release-notes/rt/6.0.3","source":"cvd@cert.pl"},{"url":"https://requesttracker.com/request-tracker/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2025-13477","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-21T14:16:43.300","lastModified":"2026-05-21T15:24:41.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass.\n\nThis issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-359"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0284","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2025-13479","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-21T14:16:43.417","lastModified":"2026-05-21T15:24:41.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers.\n\nThis issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0285","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2025-71214","sourceIdentifier":"security@trendmicro.com","published":"2026-05-21T14:16:44.017","lastModified":"2026-05-21T15:16:21.100","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"security@trendmicro.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThe following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0022458","source":"security@trendmicro.com"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-139/","source":"security@trendmicro.com"}]}},{"cve":{"id":"CVE-2025-71215","sourceIdentifier":"security@trendmicro.com","published":"2026-05-21T14:16:44.130","lastModified":"2026-05-21T15:16:21.843","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"security@trendmicro.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThe following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0022458","source":"security@trendmicro.com"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-141/","source":"security@trendmicro.com"}]}},{"cve":{"id":"CVE-2025-71216","sourceIdentifier":"security@trendmicro.com","published":"2026-05-21T14:16:44.240","lastModified":"2026-05-21T15:16:22.037","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"security@trendmicro.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThe following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0022458","source":"security@trendmicro.com"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-142/","source":"security@trendmicro.com"}]}},{"cve":{"id":"CVE-2025-71217","sourceIdentifier":"security@trendmicro.com","published":"2026-05-21T14:16:44.350","lastModified":"2026-05-21T15:16:22.223","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"security@trendmicro.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThe following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0022458","source":"security@trendmicro.com"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-143/","source":"security@trendmicro.com"}]}},{"cve":{"id":"CVE-2026-2740","sourceIdentifier":"0fc0942c-577d-436f-ae8e-945763c79b02","published":"2026-05-21T14:16:44.850","lastModified":"2026-05-21T15:26:35.653","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency."}],"metrics":{"cvssMetricV31":[{"source":"0fc0942c-577d-436f-ae8e-945763c79b02","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"0fc0942c-577d-436f-ae8e-945763c79b02","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-2740.html","source":"0fc0942c-577d-436f-ae8e-945763c79b02"}]}},{"cve":{"id":"CVE-2026-1815","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-21T15:16:22.413","lastModified":"2026-05-21T15:24:41.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking.\n\nThis issue affects Mobile Application: from 1.6.2 before 1.13."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0286","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-1816","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-21T15:16:22.557","lastModified":"2026-05-21T15:24:41.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force.\n\nThis issue affects Mobile Application: from 1.6.2 before 1.13."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":4.2}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0286","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-36189","sourceIdentifier":"cve@mitre.org","published":"2026-05-21T15:16:24.500","lastModified":"2026-05-21T16:16:22.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check_template.cpp, check_template function, tokenize_cleanup function, uncrustify executable components"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://gist.github.com/Criticayon/5da6d6c9cf068e494347c659d01982a9","source":"cve@mitre.org"},{"url":"https://github.com/uncrustify/uncrustify%2Chttps://github.com/uncrustify/uncrustify/issues/4636%2C","source":"cve@mitre.org"},{"url":"https://github.com/uncrustify/uncrustify/pull/4641","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-39531","sourceIdentifier":"audit@patchstack.com","published":"2026-05-21T16:16:23.030","lastModified":"2026-05-21T19:10:36.607","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.\n\nThis issue affects WP Directory Kit: from n/a through 1.5.0."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-0-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-48213","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T17:16:22.370","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id POST parameter directly into an HTML form input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-add-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-39593","sourceIdentifier":"audit@patchstack.com","published":"2026-05-21T18:16:17.203","lastModified":"2026-05-21T19:10:36.607","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects HAPPY: from n/a through 1.0.10."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/happy-helpdesk-support-ticket-system/vulnerability/wordpress-happy-plugin-1-0-10-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-48214","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:17.603","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id POST parameter directly into an HTML form input value attribute and an inline JavaScript string literal. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-add-nm-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48215","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:17.730","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_id POST parameter directly into an HTML form input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-circle-php-frm-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48216","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:17.857","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, db_schema) directly into HTML form input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-db-loader-php-multiple-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48217","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:17.983","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (module_choice, flag, confirmation) directly into rendered HTML content and form action attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-delete-module-php-multiple-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48218","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.110","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_name and frm_id POST parameters directly into rendered HTML content and inline JavaScript. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-icons-buttons-landb-php-frm-name-and-frm-id-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48219","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.237","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ics202-php-frm-add-str-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48220","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.360","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ics205-php-frm-add-str-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48221","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.490","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ics205a-php-frm-add-str-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48222","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.613","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ics213-php-frm-add-str-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48223","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.740","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ics213rr-php-frm-add-str-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48224","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:18.870","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ics214-php-frm-add-str-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48225","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.000","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the _type POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-landb-php-type-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48226","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.127","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and mode_orig POST parameters directly into HTML form hidden input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-os-watch-php-ref-and-mode-orig-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48227","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.257","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket_id GET parameters directly into an HTML form action URL. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-patient-php-id-and-ticket-id-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48228","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.380","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket_id GET parameters directly into an HTML form action URL. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-patient-w-php-id-and-ticket-id-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48229","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.507","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into HTML form hidden input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-routes-i-php-ticket-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48230","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.640","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix, ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix) directly into HTML form hidden input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ticketsmdb-import-php-multiple-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48231","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.790","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-tables-php-multiple-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48232","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:19.927","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-ajax-fullsit-incidents-php-offset-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48233","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.050","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-ajax-sit-incidents-php-offset-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48234","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.180","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-portal-ajax-list-requests-php-sort-and-dir-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48235","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.310","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into UPDATE and INSERT statements without sanitization. An attacker able to compromise or impersonate the remote GPS tracker endpoint can inject SQL to manipulate the responder location, tracks, and assignment tables."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-incs-remotes-inc-php-multiple-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48236","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.440","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-db-loader-php-multiple-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48237","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.570","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-message-php-frm-ticket-id-and-frm-resp-id-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48238","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.697","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-ajax-mobile-main-php-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48239","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.820","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-ajax-reports-php-tick-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48240","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:20.943","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-sql-injection-via-ajax-statistics-php-tick-id-and-f-tick-id-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48241","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.070","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-loader-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48242","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.220","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-import-mdb-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48243","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.380","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-party API calls billed to or rate-limited against the original owner's WhitePages account."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-whitepages-api-key-in-wp1-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48244","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.530","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud project."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-google-maps-api-key-in-settings-inc-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48245","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.653","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud project."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-google-maps-api-key-in-tables-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48246","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.780","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-disabled-tls-certificate-verification-in-ajax-reports-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48247","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:21.910","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-disabled-tls-certificate-verification-in-incs-functions-inc-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48248","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:22.037","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-disabled-tls-certificate-verification-in-incs-login-inc-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48249","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T18:16:22.167","lastModified":"2026-05-21T19:10:12.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile (RouteMate) login flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openises/tickets/releases/tag/v3.44.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/open-ises-tickets-disabled-tls-certificate-verification-in-rm-incs-mobile-login-inc-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-47114","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-21T20:16:14.340","lastModified":"2026-05-21T21:03:56.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command execution as the current macOS user upon approval of the browser protocol prompt without requiring a valid media file."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://binary.stackpointer.re/iina-142-url-scheme-command-execution","source":"disclosure@vulncheck.com"},{"url":"https://github.com/iina/iina/commit/1e6f43248dab9d6ae303781c790e5315cbc9fcef","source":"disclosure@vulncheck.com"},{"url":"https://github.com/iina/iina/releases/tag/v1.4.3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/iina-command-execution-via-iina-open-url-scheme","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-4843","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T20:16:14.723","lastModified":"2026-05-21T21:03:56.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Google Sheets API token and configuration options."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/import-products-from-gsheet-for-woo-importer/tags/2.3.1/src/Actions/AdminSettingsAction.php#L391","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b0d60991-0675-4efa-9427-380e6b59fe28?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8352","sourceIdentifier":"security@wordfence.com","published":"2026-05-21T21:16:33.893","lastModified":"2026-05-21T21:16:33.893","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."}],"metrics":{},"references":[]}}]}