{"resultsPerPage":544,"startIndex":0,"totalResults":544,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T12:21:38.860","vulnerabilities":[{"cve":{"id":"CVE-2019-19006","sourceIdentifier":"cve@mitre.org","published":"2019-11-21T18:15:11.993","lastModified":"2026-06-17T15:45:04.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control."},{"lang":"es","value":"Sangoma FreePBX versión 115.0.16.26 y anteriores, versión 14.0.13.11 y anteriores, versión 13.0.197.13 y anteriores, presenta un Control de Acceso Incorrecto."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-03T15:26:06.683222Z","id":"CVE-2019-19006","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-02-03","cisaActionDue":"2026-02-24","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":" Sangoma FreePBX Improper Authentication Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0.0","versionEndIncluding":"13.0.197.13","matchCriteriaId":"15601D4B-F4D7-4A59-AA59-F9C28DCF6E33"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0.0.0","versionEndIncluding":"14.0.13.11","matchCriteriaId":"BC783D51-829F-4F40-8C11-8006CFD56701"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0.0.0","versionEndIncluding":"15.0.16.26","matchCriteriaId":"55D2FF3D-ED67-46E2-98D5-E01B14100E9E"}]}]}],"references":[{"url":"https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://pastebin.com/2CdsQMKW","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.freepbx.org/category/blog/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://pastebin.com/2CdsQMKW","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.freepbx.org/category/blog/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19006","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2024-3166","sourceIdentifier":"security@huntr.dev","published":"2024-06-06T19:16:00.817","lastModified":"2026-06-17T19:09:20.770","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, specifically the enabling of 'nodeIntegration' and the disabling of 'contextIsolation' in Electron's webPreferences. The issue has been addressed in version 1.4.2 of the desktop application."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-site Scripting (XSS) en mintplex-labs/anything-llm, que afecta tanto a la versión 1.2.0 de la aplicación de escritorio como a la última versión de la aplicación web. La vulnerabilidad surge de la función de la aplicación para buscar e incrustar contenido de sitios web en espacios de trabajo, que pueden explotarse para ejecutar código JavaScript arbitrario. En la aplicación de escritorio, esta falla se puede escalar a ejecución remota de código (RCE) debido a configuraciones inseguras de la aplicación, específicamente la habilitación de 'nodeIntegration' y la deshabilitación de 'contextIsolation' en las preferencias web de Electron. El problema se solucionó en la versión 1.4.2 de la aplicación de escritorio."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"mintplex-labs","product":"mintplex-labs/anything-llm","versions":[{"version":"unspecified","lessThan":"1.4.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-07T17:05:06.902805Z","id":"CVE-2024-3166","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mintplexlabs:anythingllm_desktop:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.2","matchCriteriaId":"C0D2A007-0DC9-4038-8A27-3317D8A755CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mintplexlabs:anythingllm_docker:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0","matchCriteriaId":"83B12A71-9CD6-4B27-8093-DED71FA4FB40"}]}]}],"references":[{"url":"https://github.com/mintplex-labs/anything-llm/commit/fa27103d032c58904c49b92ee13fabc19a20a5ce","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/af288bd3-8824-4216-a294-ae9fb444e5db","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mintplex-labs/anything-llm/commit/fa27103d032c58904c49b92ee13fabc19a20a5ce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.com/bounties/af288bd3-8824-4216-a294-ae9fb444e5db","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-40108","sourceIdentifier":"security@android.com","published":"2025-01-21T23:15:11.320","lastModified":"2026-06-17T13:19:08.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."},{"lang":"es","value":"En varias ubicaciones, existe una forma posible de acceder al contenido multimedia que pertenece a otro usuario debido a la falta de verificación de permisos. Esto podría provocar la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No se necesita la interacción del usuario para la explotación."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-22T17:46:38.159359Z","id":"CVE-2023-40108","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*","matchCriteriaId":"F8FB8EE9-FC56-4D5E-AE55-A5967634740C"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*","matchCriteriaId":"C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com"}]}},{"cve":{"id":"CVE-2023-40132","sourceIdentifier":"security@android.com","published":"2025-01-21T23:15:11.437","lastModified":"2026-06-17T13:19:10.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."},{"lang":"es","value":"En setActualDefaultRingtoneUri de RingtoneManager.java, existe una forma posible de eludir los permisos de lectura de los proveedores de contenido debido a la falta de una verificación de permisos. Esto podría provocar una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. Se necesita la interacción del usuario para la explotación."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-22T17:42:06.022715Z","id":"CVE-2023-40132","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*","matchCriteriaId":"F8FB8EE9-FC56-4D5E-AE55-A5967634740C"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*","matchCriteriaId":"C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com"}]}},{"cve":{"id":"CVE-2025-38553","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-08-19T06:15:33.407","lastModified":"2026-06-17T19:16:25.273","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2025-57819","sourceIdentifier":"security-advisories@github.com","published":"2025-08-28T17:15:36.790","lastModified":"2026-06-17T15:45:07.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreePBX","product":"endpoint","versions":[{"version":"< 15.0.66","status":"affected"},{"version":"< 16.0.89","status":"affected"},{"version":"< 17.0.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-29T03:55:27.563332Z","id":"CVE-2025-57819","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2025-08-29","cisaActionDue":"2025-09-19","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Sangoma FreePBX Authentication Bypass Vulnerability","weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.0.66","matchCriteriaId":"F9143871-4B1B-4E24-BEC2-BFD90A93D22E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndExcluding":"16.0.89","matchCriteriaId":"CA0527BD-AE80-4126-A72A-008EEC486381"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"17.0.3","matchCriteriaId":"89857E91-C727-4043-8BCE-A2A089D6F720"}]}]}],"references":[{"url":"https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-57819","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2025-64328","sourceIdentifier":"security-advisories@github.com","published":"2025-11-07T04:15:47.397","lastModified":"2026-06-17T15:45:21.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3."},{"lang":"es","value":"FreePBX Endpoint Manager es un módulo para gestionar puntos finales de telefonía en sistemas FreePBX. En las versiones 17.0.2.36 y superiores anteriores a la 17.0.3, el módulo filestore dentro de la interfaz Administrativa es vulnerable a una inyección de comandos post-autenticación por un usuario conocido autenticado a través de la función testconnection -&gt; check_ssh_connect(). Un atacante puede aprovechar esta vulnerabilidad para obtener acceso remoto al sistema como usuario asterisk. Este problema está solucionado en la versión 17.0.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreePBX","product":"filestore","versions":[{"version":">= 17.0.2.36, < 17.0.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-03T15:25:17.324538Z","id":"CVE-2025-64328","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-02-03","cisaActionDue":"2026-02-24","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Sangoma FreePBX OS Command Injection Vulnerability","weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:filestore:*:*:*:*:*:freepbx:*:*","versionStartIncluding":"17.0.2.36","versionEndExcluding":"17.0.3","matchCriteriaId":"C4E7AAAC-2335-4033-8C38-7E20E764BA41"}]}]}],"references":[{"url":"https://github.com/FreePBX/filestore/blob/f0e3983059271efd80b483ec823310ef19a59013/drivers/SSH/testconnection.php#L2","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw","source":"security-advisories@github.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64328","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-22980","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-23T16:15:54.003","lastModified":"2026-06-17T13:20:09.413","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: provide locking for v4_end_grace\n\nWriting to v4_end_grace can race with server shutdown and result in\nmemory being accessed after it was freed - reclaim_str_hashtbl in\nparticularly.\n\nWe cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is\nheld while client_tracking_op->init() is called and that can wait for\nan upcall to nfsdcltrack which can write to v4_end_grace, resulting in a\ndeadlock.\n\nnfsd4_end_grace() is also called by the landromat work queue and this\ndoesn't require locking as server shutdown will stop the work and wait\nfor it before freeing anything that nfsd4_end_grace() might access.\n\nHowever, we must be sure that writing to v4_end_grace doesn't restart\nthe work item after shutdown has already waited for it.  For this we\nadd a new flag protected with nn->client_lock.  It is set only while it\nis safe to make client tracking calls, and v4_end_grace only schedules\nwork while the flag is set with the spinlock held.\n\nSo this patch adds a nfsd_net field \"client_tracking_active\" which is\nset as described.  Another field \"grace_end_forced\", is set when\nv4_end_grace is written.  After this is set, and providing\nclient_tracking_active is set, the laundromat is scheduled.\nThis \"grace_end_forced\" field bypasses other checks for whether the\ngrace period has finished.\n\nThis resolves a race which can result in use-after-free."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnfsd: proporcionar bloqueo para v4_end_grace\n\nEscribir en v4_end_grace puede competir con el apagado del servidor y resultar en que la memoria sea accedida después de haber sido liberada - reclaim_str_hashtbl en particular.\n\nNo podemos mantener nfsd_mutex durante la llamada a nfsd4_end_grace() ya que se mantiene mientras se llama a client_tracking_op-&gt;init() y eso puede esperar una llamada ascendente a nfsdcltrack que puede escribir en v4_end_grace, resultando en un interbloqueo.\n\nnfsd4_end_grace() también es llamada por la cola de trabajo 'landromat' y esto no requiere bloqueo ya que el apagado del servidor detendrá el trabajo y esperará por él antes de liberar cualquier cosa a la que nfsd4_end_grace() pudiera acceder.\n\nSin embargo, debemos asegurarnos de que escribir en v4_end_grace no reinicie el elemento de trabajo después de que el apagado ya lo haya esperado. Para esto añadimos una nueva bandera protegida con nn-&gt;client_lock. Se establece solo mientras es seguro realizar llamadas de seguimiento de cliente, y v4_end_grace solo programa trabajo mientras la bandera está establecida con el spinlock mantenido.\n\nAsí, este parche añade un campo nfsd_net 'client_tracking_active' que se establece como se describe. Otro campo 'grace_end_forced', se establece cuando se escribe en v4_end_grace. Después de que esto se establece, y siempre que client_tracking_active esté establecido, el 'laundromat' es programado. Este campo 'grace_end_forced' omite otras comprobaciones para determinar si el período de gracia ha terminado.\n\nEsto resuelve una condición de carrera que puede resultar en uso después de liberación."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/nfsd/netns.h","fs/nfsd/nfs4state.c","fs/nfsd/nfsctl.c","fs/nfsd/state.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"ca97360860eb02e3ae4ba42c19b439a0fcecbf06","versionType":"git","status":"affected"},{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"e8bfa2401d4c51eca6e48e9b33c798828ca9df61","versionType":"git","status":"affected"},{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"34eb22836e0cdba093baac66599d68c4cd245a9d","versionType":"git","status":"affected"},{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"06600719d0f7a723811c45e4d51f5b742f345309","versionType":"git","status":"affected"},{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"ba4811c8b433bfa681729ca42cc62b6034f223b0","versionType":"git","status":"affected"},{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"53f07d095e7e680c5e4569a55a019f2c0348cdc6","versionType":"git","status":"affected"},{"version":"7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6","lessThan":"2857bd59feb63fcf40fe4baf55401baea6b4feb4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/nfsd/netns.h","fs/nfsd/nfs4state.c","fs/nfsd/nfsctl.c","fs/nfsd/state.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.18","status":"affected"},{"version":"0","lessThan":"3.18","versionType":"semver","status":"unaffected"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.161","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.121","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.66","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.6","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:36:55.336499Z","id":"CVE-2026-22980","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.10.248","matchCriteriaId":"80713135-E43D-4026-BAD5-679983AB1EC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.198","matchCriteriaId":"82159CAA-B6BA-43C6-85D8-65BDBC175A7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.161","matchCriteriaId":"E135B7E2-61FC-4DC1-8570-ABD67894FFDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.121","matchCriteriaId":"BB7A164B-7422-4A1C-82FB-5FCAEE53C06C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.66","matchCriteriaId":"F72B884C-B44F-40E4-9895-CE421AC663D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.6","matchCriteriaId":"879529BC-5B4C-4EBE-BF1D-1A31404A8B2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/06600719d0f7a723811c45e4d51f5b742f345309","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2857bd59feb63fcf40fe4baf55401baea6b4feb4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/34eb22836e0cdba093baac66599d68c4cd245a9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53f07d095e7e680c5e4569a55a019f2c0348cdc6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba4811c8b433bfa681729ca42cc62b6034f223b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca97360860eb02e3ae4ba42c19b439a0fcecbf06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8bfa2401d4c51eca6e48e9b33c798828ca9df61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-22990","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-23T16:15:55.077","lastModified":"2026-06-17T13:20:09.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: replace overzealous BUG_ON in osdmap_apply_incremental()\n\nIf the osdmap is (maliciously) corrupted such that the incremental\nosdmap epoch is different from what is expected, there is no need to\nBUG.  Instead, just declare the incremental osdmap to be invalid."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nlibceph: reemplazar el BUG_ON excesivo en osdmap_apply_incremental()\n\nSi el osdmap está (maliciosamente) corrupto de tal manera que la época del osdmap incremental es diferente de lo que se espera, no hay necesidad de BUG. En su lugar, simplemente declarar el osdmap incremental como inválido."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ceph/osdmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"9aa0b0c14cefece078286d78b97d4c09685e372d","versionType":"git","status":"affected"},{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"4b106fbb1c7b841cd402abd83eb2447164c799ea","versionType":"git","status":"affected"},{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"6afd2a4213524bc742b709599a3663aeaf77193c","versionType":"git","status":"affected"},{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"d3613770e2677683e65d062da5e31f48c409abe9","versionType":"git","status":"affected"},{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"6c6cec3db3b418c4fdf815731bc39e46dff75e1b","versionType":"git","status":"affected"},{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"6348d70af847b79805374fe628d3809a63fd7df3","versionType":"git","status":"affected"},{"version":"f24e9980eb860d8600cbe5ef3d2fd9295320d229","lessThan":"e00c3f71b5cf75681dbd74ee3f982a99cb690c2b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ceph/osdmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","versionType":"semver","status":"unaffected"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.161","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.121","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.66","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.6","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:38:28.126291Z","id":"CVE-2026-22990","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34.1","versionEndExcluding":"5.10.248","matchCriteriaId":"40C41FEA-994B-4964-8F5A-C7E2E24BBC05"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.198","matchCriteriaId":"82159CAA-B6BA-43C6-85D8-65BDBC175A7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.161","matchCriteriaId":"E135B7E2-61FC-4DC1-8570-ABD67894FFDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.121","matchCriteriaId":"BB7A164B-7422-4A1C-82FB-5FCAEE53C06C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.66","matchCriteriaId":"F72B884C-B44F-40E4-9895-CE421AC663D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.6","matchCriteriaId":"879529BC-5B4C-4EBE-BF1D-1A31404A8B2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*","matchCriteriaId":"A3B1BC1D-ED46-4364-A1D9-1FA74182B03A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*","matchCriteriaId":"86D3F64C-3F27-43E0-B0D4-62CE1E1F4EFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*","matchCriteriaId":"7927713B-5EB0-41EB-86A9-9935775162E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*","matchCriteriaId":"59037296-3143-4FBB-AFF7-D4FE2C85502F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*","matchCriteriaId":"9CA27FD5-7DBF-4C85-80A9-D523B2E4B033"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*","matchCriteriaId":"9711E333-A8E7-4F4B-BCFD-2023E889651A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*","matchCriteriaId":"E04D3358-973B-42A1-8E08-2E3AE947193C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-22992","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-23T16:15:55.290","lastModified":"2026-06-17T13:20:09.783","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: return the handler error from mon_handle_auth_done()\n\nCurrently any error from ceph_auth_handle_reply_done() is propagated\nvia finish_auth() but isn't returned from mon_handle_auth_done().  This\nresults in higher layers learning that (despite the monitor considering\nus to be successfully authenticated) something went wrong in the\nauthentication phase and reacting accordingly, but msgr2 still trying\nto proceed with establishing the session in the background.  In the\ncase of secure mode this can trigger a WARN in setup_crypto() and later\nlead to a NULL pointer dereference inside of prepare_auth_signature()."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nlibceph: devolver el error del manejador de mon_handle_auth_done()\n\nActualmente, cualquier error de ceph_auth_handle_reply_done() se propaga a través de finish_auth() pero no se devuelve de mon_handle_auth_done(). Esto resulta en que las capas superiores aprendan que (a pesar de que el monitor nos considere autenticados con éxito) algo salió mal en la fase de autenticación y reaccionen en consecuencia, pero msgr2 sigue intentando proceder con el establecimiento de la sesión en segundo plano. En el caso del modo seguro, esto puede activar una ADVERTENCIA en setup_crypto() y más tarde conducir a una desreferencia de puntero NULL dentro de prepare_auth_signature()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ceph/mon_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cd1a677cad994021b19665ed476aea63f5d54f31","lessThan":"77229551f2cf72f3e35636db68e6a825b912cf16","versionType":"git","status":"affected"},{"version":"cd1a677cad994021b19665ed476aea63f5d54f31","lessThan":"33908769248b38a5e77cf9292817bb28e641992d","versionType":"git","status":"affected"},{"version":"cd1a677cad994021b19665ed476aea63f5d54f31","lessThan":"e097cd858196b1914309e7e3d79b4fa79383754d","versionType":"git","status":"affected"},{"version":"cd1a677cad994021b19665ed476aea63f5d54f31","lessThan":"d2c4a5f6996683f287f3851ef5412797042de7f1","versionType":"git","status":"affected"},{"version":"cd1a677cad994021b19665ed476aea63f5d54f31","lessThan":"9e0101e57534ef0e7578dd09608a6106736b82e5","versionType":"git","status":"affected"},{"version":"cd1a677cad994021b19665ed476aea63f5d54f31","lessThan":"e84b48d31b5008932c0a0902982809fbaa1d3b70","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ceph/mon_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","versionType":"semver","status":"unaffected"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.161","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.121","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.66","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.6","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:37:25.414286Z","id":"CVE-2026-22992","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.198","matchCriteriaId":"82159CAA-B6BA-43C6-85D8-65BDBC175A7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.161","matchCriteriaId":"E135B7E2-61FC-4DC1-8570-ABD67894FFDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.121","matchCriteriaId":"BB7A164B-7422-4A1C-82FB-5FCAEE53C06C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.66","matchCriteriaId":"F72B884C-B44F-40E4-9895-CE421AC663D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.6","matchCriteriaId":"879529BC-5B4C-4EBE-BF1D-1A31404A8B2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/33908769248b38a5e77cf9292817bb28e641992d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77229551f2cf72f3e35636db68e6a825b912cf16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e0101e57534ef0e7578dd09608a6106736b82e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d2c4a5f6996683f287f3851ef5412797042de7f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e097cd858196b1914309e7e3d79b4fa79383754d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e84b48d31b5008932c0a0902982809fbaa1d3b70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-22997","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-25T15:15:54.540","lastModified":"2026-06-17T13:20:09.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts\n\nSince j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is\ncalled only when the timer is enabled, we need to call\nj1939_session_deactivate_activate_next() if we cancelled the timer.\nOtherwise, refcount for j1939_session leaks, which will later appear as\n\n| unregister_netdevice: waiting for vcan0 to become free. Usage count = 2.\n\nproblem."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: can: j1939: j1939_xtp_rx_rts_session_active(): desactivar sesión al recibir el segundo rts\n\nDado que j1939_session_deactivate_activate_next() en j1939_tp_rxtimer() se\nllama solo cuando el temporizador está habilitado, necesitamos llamar a\nj1939_session_deactivate_activate_next() si cancelamos el temporizador.\nDe lo contrario, la cuenta de referencias (refcount) para j1939_session se fuga, lo que más tarde aparecerá como\n\n| unregister_netdevice: esperando que vcan0 quede libre. Recuento de uso = 2.\n\nproblema."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/can/j1939/transport.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"a73e7d7e346dae1c22dc3e95b02ca464b12daf2c","versionType":"git","status":"affected"},{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"adabf01c19561e42899da9de56a6a1da0e6b8a5b","versionType":"git","status":"affected"},{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"b1d67607e97d489c0cfbbf55f48a76b00710b0e4","versionType":"git","status":"affected"},{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"809a437e27a3bf3c1c6c8c157773635552116f2b","versionType":"git","status":"affected"},{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"cb2a610867bc379988bae0bb4b8bbc59c0decf1a","versionType":"git","status":"affected"},{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"6121b7564c725b632ffe4764abe85aa239d37703","versionType":"git","status":"affected"},{"version":"9d71dd0c70099914fcd063135da3c580865e924c","lessThan":"1809c82aa073a11b7d335ae932d81ce51a588a4a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/can/j1939/transport.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","versionType":"semver","status":"unaffected"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.67","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.7","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:36:25.922251Z","id":"CVE-2026-22997","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.10.249","matchCriteriaId":"11AC7CEA-DC5B-4004-A574-633B1408C1BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.199","matchCriteriaId":"A247FBA6-BEB9-484F-B892-DD5517949CCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.162","matchCriteriaId":"6579E0D4-0641-479D-A4C3-0EF618798C55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.122","matchCriteriaId":"8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.67","matchCriteriaId":"7456F614-6AA8-4C08-8229-BA342D4AFBAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.7","matchCriteriaId":"99FF3E05-0E7A-44E9-8E47-BF6F1F8EC436"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1809c82aa073a11b7d335ae932d81ce51a588a4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6121b7564c725b632ffe4764abe85aa239d37703","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/809a437e27a3bf3c1c6c8c157773635552116f2b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a73e7d7e346dae1c22dc3e95b02ca464b12daf2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/adabf01c19561e42899da9de56a6a1da0e6b8a5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1d67607e97d489c0cfbbf55f48a76b00710b0e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb2a610867bc379988bae0bb4b8bbc59c0decf1a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-22998","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-25T15:15:54.643","lastModified":"2026-06-17T13:20:10.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec\n\nCommit efa56305908b (\"nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\")\nadded ttag bounds checking and data_offset\nvalidation in nvmet_tcp_handle_h2c_data_pdu(), but it did not validate\nwhether the command's data structures (cmd->req.sg and cmd->iov) have\nbeen properly initialized before processing H2C_DATA PDUs.\n\nThe nvmet_tcp_build_pdu_iovec() function dereferences these pointers\nwithout NULL checks. This can be triggered by sending H2C_DATA PDU\nimmediately after the ICREQ/ICRESP handshake, before\nsending a CONNECT command or NVMe write command.\n\nAttack vectors that trigger NULL pointer dereferences:\n1. H2C_DATA PDU sent before CONNECT → both pointers NULL\n2. H2C_DATA PDU for READ command → cmd->req.sg allocated, cmd->iov NULL\n3. H2C_DATA PDU for uninitialized command slot → both pointers NULL\n\nThe fix validates both cmd->req.sg and cmd->iov before calling\nnvmet_tcp_build_pdu_iovec(). Both checks are required because:\n- Uninitialized commands: both NULL\n- READ commands: cmd->req.sg allocated, cmd->iov NULL\n- WRITE commands: both allocated"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnvme-tcp: soluciona desreferencias de puntero NULL en nvmet_tcp_build_pdu_iovec\n\nEl commit efa56305908b ('nvmet-tcp: Soluciona un pánico del kernel cuando el host envía una longitud de PDU H2C inválida') añadió la comprobación de límites de ttag y la validación de data_offset en nvmet_tcp_handle_h2c_data_pdu(), pero no validó si las estructuras de datos del comando (cmd-&gt;req.sg y cmd-&gt;iov) han sido inicializadas correctamente antes de procesar las PDUs H2C_DATA.\n\nLa función nvmet_tcp_build_pdu_iovec() desreferencia estos punteros sin comprobaciones de NULL. Esto puede ser provocado enviando una PDU H2C_DATA inmediatamente después del handshake ICREQ/ICRESP, antes de enviar un comando CONNECT o un comando de escritura NVMe.\n\nVectores de ataque que provocan desreferencias de puntero NULL:\n1. PDU H2C_DATA enviada antes de CONNECT ? ambos punteros NULL\n2. PDU H2C_DATA para comando READ ? cmd-&gt;req.sg asignado, cmd-&gt;iov NULL\n3. PDU H2C_DATA para slot de comando no inicializado ? ambos punteros NULL\n\nLa solución valida tanto cmd-&gt;req.sg como cmd-&gt;iov antes de llamar a nvmet_tcp_build_pdu_iovec(). Ambas comprobaciones son necesarias porque:\n- Comandos no inicializados: ambos NULL\n- Comandos READ: cmd-&gt;req.sg asignado, cmd-&gt;iov NULL\n- Comandos WRITE: ambos asignados"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/nvme/target/tcp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f775f2621c2ac5cc3a0b3a64665dad4fb146e510","lessThan":"baabe43a0edefac8cd7b981ff87f967f6034dafe","versionType":"git","status":"affected"},{"version":"4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d","lessThan":"76abc83a9d25593c2b7613c549413079c14a4686","versionType":"git","status":"affected"},{"version":"2871aa407007f6f531fae181ad252486e022df42","lessThan":"7d75570002929d20e40110d6b03e46202c9d1bc7","versionType":"git","status":"affected"},{"version":"24e05760186dc070d3db190ca61efdbce23afc88","lessThan":"fdecd3b6aac10d5a18d0dc500fe57f8648b66cd4","versionType":"git","status":"affected"},{"version":"efa56305908ba20de2104f1b8508c6a7401833be","lessThan":"3def5243150716be86599c2a1767c29c68838b6d","versionType":"git","status":"affected"},{"version":"efa56305908ba20de2104f1b8508c6a7401833be","lessThan":"374b095e265fa27465f34780e0eb162ff1bef913","versionType":"git","status":"affected"},{"version":"efa56305908ba20de2104f1b8508c6a7401833be","lessThan":"32b63acd78f577b332d976aa06b56e70d054cbba","versionType":"git","status":"affected"},{"version":"ee5e7632e981673f42a50ade25e71e612e543d9d","versionType":"git","status":"affected"},{"version":"70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68","versionType":"git","status":"affected"},{"version":"5.10.209","lessThan":"5.10.249","versionType":"semver","status":"affected"},{"version":"5.15.148","lessThan":"5.15.199","versionType":"semver","status":"affected"},{"version":"6.1.75","lessThan":"6.1.162","versionType":"semver","status":"affected"},{"version":"6.6.14","lessThan":"6.6.122","versionType":"semver","status":"affected"},{"version":"5.4.268","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.7.2","lessThan":"6.8","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/nvme/target/tcp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.67","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.7","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:38:02.086283Z","id":"CVE-2026-22998","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.268","versionEndExcluding":"5.5","matchCriteriaId":"2E4BEAC0-E873-440D-A75E-55699C2412A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.209","versionEndExcluding":"5.10.249","matchCriteriaId":"B6983E9C-F8A9-4494-8156-3E2F7E736BF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.148","versionEndExcluding":"5.15.199","matchCriteriaId":"B0275B58-DF8C-46AE-B9A5-20396D123D12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.75","versionEndExcluding":"6.1.162","matchCriteriaId":"9DE91ACC-6DAF-42AE-8D41-3A91572E9052"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.14","versionEndExcluding":"6.6.122","matchCriteriaId":"68AE0BF9-0835-45D8-AACC-EDFAC1663259"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.2","versionEndExcluding":"6.12.67","matchCriteriaId":"2B14F508-4490-4A35-BEFC-40EF300279E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.7","matchCriteriaId":"99FF3E05-0E7A-44E9-8E47-BF6F1F8EC436"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/32b63acd78f577b332d976aa06b56e70d054cbba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/374b095e265fa27465f34780e0eb162ff1bef913","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3def5243150716be86599c2a1767c29c68838b6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76abc83a9d25593c2b7613c549413079c14a4686","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d75570002929d20e40110d6b03e46202c9d1bc7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/baabe43a0edefac8cd7b981ff87f967f6034dafe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdecd3b6aac10d5a18d0dc500fe57f8648b66cd4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-22999","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-25T15:15:54.753","lastModified":"2026-06-17T13:20:10.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: do not free existing class in qfq_change_class()\n\nFixes qfq_change_class() error case.\n\ncl->qdisc and cl should only be freed if a new class and qdisc\nwere allocated, or we risk various UAF."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet/sched: sch_qfq: no liberar la clase existente en qfq_change_class()\n\nCorrige el caso de error de qfq_change_class().\n\ncl-&gt;qdisc y cl solo deben liberarse si se asignaron una nueva clase y qdisc, o nos arriesgamos a varios UAF."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sched/sch_qfq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"2a64fb9b47afffeb5dbab5fd3a518e1436dcc90e","versionType":"git","status":"affected"},{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"cff6cd703f41d8071995956142729e4bba160363","versionType":"git","status":"affected"},{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"f06f7635499bc806cbe2bbc8805c7cef8b1edddf","versionType":"git","status":"affected"},{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"0a234660dc70ce45d771cbc76b20d925b73ec160","versionType":"git","status":"affected"},{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"362e269bb03f7076ba9990e518aeddb898232e50","versionType":"git","status":"affected"},{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"e9d8f11652fa08c647bf7bba7dd8163241a332cd","versionType":"git","status":"affected"},{"version":"462dbc9101acd38e92eda93c0726857517a24bbd","lessThan":"3879cffd9d07aa0377c4b8835c4f64b4fb24ac78","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sched/sch_qfq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","versionType":"semver","status":"unaffected"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.67","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.7","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:35:55.025194Z","id":"CVE-2026-22999","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.249","matchCriteriaId":"C1D3B462-A229-4130-A191-F09550344C59"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.199","matchCriteriaId":"A247FBA6-BEB9-484F-B892-DD5517949CCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.162","matchCriteriaId":"6579E0D4-0641-479D-A4C3-0EF618798C55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.122","matchCriteriaId":"8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.67","matchCriteriaId":"7456F614-6AA8-4C08-8229-BA342D4AFBAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.7","matchCriteriaId":"99FF3E05-0E7A-44E9-8E47-BF6F1F8EC436"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a234660dc70ce45d771cbc76b20d925b73ec160","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a64fb9b47afffeb5dbab5fd3a518e1436dcc90e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/362e269bb03f7076ba9990e518aeddb898232e50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3879cffd9d07aa0377c4b8835c4f64b4fb24ac78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cff6cd703f41d8071995956142729e4bba160363","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9d8f11652fa08c647bf7bba7dd8163241a332cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f06f7635499bc806cbe2bbc8805c7cef8b1edddf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2019-25293","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-06T17:16:10.527","lastModified":"2026-06-17T15:16:33.170","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\\Program Files (x86)\\Bluestacks\\HD-LogRotatorService.exe to inject malicious executables and escalate privileges."},{"lang":"es","value":"BlueStacks App Player 2.4.44.62.57 contiene una vulnerabilidad de ruta de servicio sin comillas en el servicio BstHdLogRotatorSvc que permite a atacantes locales ejecutar potencialmente código arbitrario. Los atacantes pueden explotar la ruta sin comillas en C:\\Program Files (x86)\\Bluestacks\\HD-LogRotatorService.exe para inyectar ejecutables maliciosos y escalar privilegios."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"bluestacks","product":"Blue Stacks App Player","defaultStatus":"unaffected","versions":[{"version":"2.4.44.62.57","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-06T17:39:01.126058Z","id":"CVE-2019-25293","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.bluestacks.com","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/47582","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/blue-stacks-app-player-bsthdlogrotatorsvc-unquote-service-path","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-21725","sourceIdentifier":"security@grafana.com","published":"2026-02-25T13:16:05.240","lastModified":"2026-06-17T13:20:05.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so.\n\nThis requires several very stringent conditions to be met:\n\n- The attacker must have admin access to the specific datasource prior to its first deletion.\n- Upon deletion, all steps within the attack must happen within the next 30 seconds and on the same pod of Grafana.\n- The attacker must delete the datasource, then someone must recreate it.\n- The new datasource must not have the attacker as an admin.\n- The new datasource must have the same UID as the prior datasource. These are randomised by default.\n- The datasource can now be re-deleted by the attacker.\n- Once 30 seconds are up, the attack is spent and cannot be repeated.\n- No datasource with any other UID can be attacked."},{"lang":"es","value":"Una vulnerabilidad de tipo \"time-of-create-to-time-of-use\" (TOCTOU) permite que las fuentes de datos recientemente eliminadas y luego recreadas sean re-eliminadas sin permiso para hacerlo.\n\nEsto requiere que se cumplan varias condiciones muy estrictas:\n\n- El atacante debe tener acceso de administrador a la fuente de datos específica antes de su primera eliminación.\n- Tras la eliminación, todos los pasos del ataque deben ocurrir dentro de los siguientes 30 segundos y en el mismo pod de Grafana.\n- El atacante debe eliminar la fuente de datos, luego alguien debe recrearla.\n- La nueva fuente de datos no debe tener al atacante como administrador.\n- La nueva fuente de datos debe tener el mismo UID que la fuente de datos anterior. Estos se aleatorizan por defecto.\n- La fuente de datos ahora puede ser re-eliminada por el atacante.\n- Una vez transcurridos 30 segundos, el ataque se agota y no puede repetirse.\n- Ninguna fuente de datos con cualquier otro UID puede ser atacada."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana","defaultStatus":"unaffected","versions":[{"version":"v11.0.0","lessThan":"v12.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.6,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-25T15:13:32.666615Z","id":"CVE-2026-21725","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:-:*:*:enterprise:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"12.4.1","matchCriteriaId":"0B8EFF4D-5611-41A6-B555-4A7911C72824"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21725","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20127","sourceIdentifier":"psirt@cisco.com","published":"2026-02-25T17:25:29.477","lastModified":"2026-06-17T15:06:12.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&nbsp;"},{"lang":"es","value":"Una vulnerabilidad en la autenticación de emparejamiento en Cisco Catalyst SD-WAN Controller, anteriormente SD-WAN vSmart, y Cisco Catalyst SD-WAN Manager, anteriormente SD-WAN vManage, podría permitir a un atacante remoto no autenticado eludir la autenticación y obtener privilegios administrativos en un sistema afectado.\n\nEsta vulnerabilidad existe porque el mecanismo de autenticación de emparejamiento en un sistema afectado no funciona correctamente. Un atacante podría explotar esta vulnerabilidad enviando solicitudes manipuladas a un sistema afectado. Un exploit exitoso podría permitir al atacante iniciar sesión en un Cisco Catalyst SD-WAN Controller afectado como una cuenta de usuario interna, con altos privilegios y no root. Usando esta cuenta, el atacante podría acceder a NETCONF, lo que luego permitiría al atacante manipular la configuración de red para la estructura SD-WAN."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Catalyst SD-WAN Manager","defaultStatus":"unknown","versions":[{"version":"20.1.12","status":"affected"},{"version":"19.2.1","status":"affected"},{"version":"18.4.4","status":"affected"},{"version":"18.4.5","status":"affected"},{"version":"20.1.1.1","status":"affected"},{"version":"20.1.1","status":"affected"},{"version":"19.3.0","status":"affected"},{"version":"19.2.2","status":"affected"},{"version":"19.2.099","status":"affected"},{"version":"18.3.6","status":"affected"},{"version":"18.3.7","status":"affected"},{"version":"19.2.0","status":"affected"},{"version":"18.3.8","status":"affected"},{"version":"19.0.0","status":"affected"},{"version":"19.1.0","status":"affected"},{"version":"18.4.302","status":"affected"},{"version":"18.4.303","status":"affected"},{"version":"19.2.097","status":"affected"},{"version":"19.2.098","status":"affected"},{"version":"17.2.10","status":"affected"},{"version":"18.3.6.1","status":"affected"},{"version":"19.0.1a","status":"affected"},{"version":"18.2.0","status":"affected"},{"version":"18.4.3","status":"affected"},{"version":"18.4.1","status":"affected"},{"version":"17.2.8","status":"affected"},{"version":"18.3.3.1","status":"affected"},{"version":"18.4.0","status":"affected"},{"version":"18.3.1","status":"affected"},{"version":"17.2.6","status":"affected"},{"version":"17.2.9","status":"affected"},{"version":"18.3.4","status":"affected"},{"version":"17.2.5","status":"affected"},{"version":"18.3.1.1","status":"affected"},{"version":"18.3.5","status":"affected"},{"version":"18.4.0.1","status":"affected"},{"version":"18.3.3","status":"affected"},{"version":"17.2.7","status":"affected"},{"version":"17.2.4","status":"affected"},{"version":"18.3.0","status":"affected"},{"version":"19.2.3","status":"affected"},{"version":"18.4.501_ES","status":"affected"},{"version":"20.3.1","status":"affected"},{"version":"20.1.2","status":"affected"},{"version":"19.2.929","status":"affected"},{"version":"19.2.31","status":"affected"},{"version":"20.3.2","status":"affected"},{"version":"19.2.32","status":"affected"},{"version":"20.3.2_925","status":"affected"},{"version":"20.3.2.1","status":"affected"},{"version":"20.3.2.1_927","status":"affected"},{"version":"18.4.6","status":"affected"},{"version":"20.1.2_937","status":"affected"},{"version":"20.4.1","status":"affected"},{"version":"20.3.2_928","status":"affected"},{"version":"20.3.2_929","status":"affected"},{"version":"20.4.1.0.1","status":"affected"},{"version":"20.3.2.1_930","status":"affected"},{"version":"19.2.4","status":"affected"},{"version":"20.5.0.1.1","status":"affected"},{"version":"20.4.1.1","status":"affected"},{"version":"20.3.3","status":"affected"},{"version":"19.2.4.0.1","status":"affected"},{"version":"20.3.2_937","status":"affected"},{"version":"20.3.3.1","status":"affected"},{"version":"20.5.1","status":"affected"},{"version":"20.1.3","status":"affected"},{"version":"20.3.3.0.4","status":"affected"},{"version":"20.3.3.1.2","status":"affected"},{"version":"20.3.3.1.1","status":"affected"},{"version":"20.4.1.2","status":"affected"},{"version":"20.3.3.0.2","status":"affected"},{"version":"20.4.1.1.5","status":"affected"},{"version":"20.4.1.0.01","status":"affected"},{"version":"20.4.1.0.02","status":"affected"},{"version":"20.3.3.1.7","status":"affected"},{"version":"20.3.3.1.5","status":"affected"},{"version":"20.5.1.0.1","status":"affected"},{"version":"20.3.3.1.10","status":"affected"},{"version":"20.3.3.0.8","status":"affected"},{"version":"20.4.2","status":"affected"},{"version":"20.4.2.0.1","status":"affected"},{"version":"20.3.4","status":"affected"},{"version":"20.3.3.0.14","status":"affected"},{"version":"19.2.4.0.8","status":"affected"},{"version":"19.2.4.0.9","status":"affected"},{"version":"20.3.4.0.1","status":"affected"},{"version":"20.3.2.0.5","status":"affected"},{"version":"20.6.1","status":"affected"},{"version":"20.5.1.0.2","status":"affected"},{"version":"20.3.3.0.17","status":"affected"},{"version":"20.6.1.1","status":"affected"},{"version":"20.6.0.18.3","status":"affected"},{"version":"20.3.2.0.6","status":"affected"},{"version":"20.6.0.18.4","status":"affected"},{"version":"20.4.2.0.2","status":"affected"},{"version":"20.3.3.0.16","status":"affected"},{"version":"20.3.4.0.5","status":"affected"},{"version":"20.6.1.0.1","status":"affected"},{"version":"20.3.4.0.6","status":"affected"},{"version":"20.6.2","status":"affected"},{"version":"20.7.1EFT2","status":"affected"},{"version":"20.3.4.0.9","status":"affected"},{"version":"20.3.4.0.11","status":"affected"},{"version":"20.4.2.0.4","status":"affected"},{"version":"20.3.3.0.18","status":"affected"},{"version":"20.7.1","status":"affected"},{"version":"20.6.2.1","status":"affected"},{"version":"20.3.4.1","status":"affected"},{"version":"20.5.1.1","status":"affected"},{"version":"20.4.2.1","status":"affected"},{"version":"20.4.2.1.1","status":"affected"},{"version":"20.3.4.1.1","status":"affected"},{"version":"20.3.813","status":"affected"},{"version":"20.3.4.0.19","status":"affected"},{"version":"20.4.2.2.1","status":"affected"},{"version":"20.5.1.2","status":"affected"},{"version":"20.3.4.2","status":"affected"},{"version":"20.3.814","status":"affected"},{"version":"20.4.2.2","status":"affected"},{"version":"20.6.2.2","status":"affected"},{"version":"20.3.4.2.1","status":"affected"},{"version":"20.7.1.1","status":"affected"},{"version":"20.3.4.1.2","status":"affected"},{"version":"20.6.2.2.2","status":"affected"},{"version":"20.3.4.0.20","status":"affected"},{"version":"20.6.2.2.3","status":"affected"},{"version":"20.4.2.2.2","status":"affected"},{"version":"20.3.5","status":"affected"},{"version":"20.6.2.0.4","status":"affected"},{"version":"20.4.2.2.3","status":"affected"},{"version":"20.3.4.0.24","status":"affected"},{"version":"20.6.2.2.7","status":"affected"},{"version":"20.6.3","status":"affected"},{"version":"20.3.4.2.2","status":"affected"},{"version":"20.4.2.2.4","status":"affected"},{"version":"20.7.1.0.2","status":"affected"},{"version":"20.8.1","status":"affected"},{"version":"20.3.5.0.8","status":"affected"},{"version":"20.3.5.0.9","status":"affected"},{"version":"20.4.2.2.8","status":"affected"},{"version":"20.3.5.0.7","status":"affected"},{"version":"20.6.3.0.7","status":"affected"},{"version":"20.6.3.0.5","status":"affected"},{"version":"20.6.3.0.10","status":"affected"},{"version":"20.6.3.0.2","status":"affected"},{"version":"20.7.2","status":"affected"},{"version":"20.9.1EFT2","status":"affected"},{"version":"20.6.3.0.11","status":"affected"},{"version":"20.6.3.1","status":"affected"},{"version":"20.6.3.0.14","status":"affected"},{"version":"20.6.4","status":"affected"},{"version":"20.9.1","status":"affected"},{"version":"20.6.3.0.19","status":"affected"},{"version":"20.6.3.0.18","status":"affected"},{"version":"20.3.6","status":"affected"},{"version":"20.9.1.1","status":"affected"},{"version":"20.6.3.0.23","status":"affected"},{"version":"20.6.4.0.4","status":"affected"},{"version":"20.6.3.0.25","status":"affected"},{"version":"20.6.5","status":"affected"},{"version":"20.6.3.0.27","status":"affected"},{"version":"20.9.2","status":"affected"},{"version":"20.9.2.1","status":"affected"},{"version":"20.6.3.0.29","status":"affected"},{"version":"20.6.3.0.31","status":"affected"},{"version":"20.6.3.0.32","status":"affected"},{"version":"20.10.1","status":"affected"},{"version":"20.6.3.0.33","status":"affected"},{"version":"20.9.2.0.01","status":"affected"},{"version":"20.9.1_LI_Images","status":"affected"},{"version":"20.10.1_LI_Images","status":"affected"},{"version":"20.9.2_LI_Images","status":"affected"},{"version":"20.3.7","status":"affected"},{"version":"20.9.3","status":"affected"},{"version":"20.6.5.1","status":"affected"},{"version":"20.11.1","status":"affected"},{"version":"20.11.1_LI_Images","status":"affected"},{"version":"20.9.3_LI_ Images","status":"affected"},{"version":"20.6.3.1.1","status":"affected"},{"version":"20.9.3.0.2","status":"affected"},{"version":"20.6.5.1.2","status":"affected"},{"version":"20.9.3.0.3","status":"affected"},{"version":"20.4.2.3","status":"affected"},{"version":"20.6.3.2","status":"affected"},{"version":"20.6.4.1","status":"affected"},{"version":"20.6.3.0.38","status":"affected"},{"version":"20.6.3.0.39","status":"affected"},{"version":"20.3.5.1","status":"affected"},{"version":"20.3.4.3","status":"affected"},{"version":"20.9.3.1","status":"affected"},{"version":"20.3.3.2","status":"affected"},{"version":"20.6.5.2","status":"affected"},{"version":"20.3.7.1","status":"affected"},{"version":"20.10.1.1","status":"affected"},{"version":"20.6.5.2.1","status":"affected"},{"version":"20.3.4.0.25","status":"affected"},{"version":"20.6.2.2.4","status":"affected"},{"version":"20.6.1.2","status":"affected"},{"version":"20.11.1.1","status":"affected"},{"version":"20.9.3.0.5","status":"affected"},{"version":"20.3.4.0.26","status":"affected"},{"version":"20.6.5.1.3","status":"affected"},{"version":"20.6.3.0.40","status":"affected"},{"version":"20.1.3.1","status":"affected"},{"version":"20.9.2.2","status":"affected"},{"version":"20.6.5.2.3","status":"affected"},{"version":"20.6.5.1.4","status":"affected"},{"version":"20.6.5.3","status":"affected"},{"version":"20.6.3.0.41","status":"affected"},{"version":"20.9.3.0.7","status":"affected"},{"version":"20.6.5.1.5","status":"affected"},{"version":"20.9.3.0.4","status":"affected"},{"version":"20.6.4.0.19","status":"affected"},{"version":"20.6.5.1.6","status":"affected"},{"version":"20.9.3.0.8","status":"affected"},{"version":"20.6.3.3","status":"affected"},{"version":"20.3.7.2","status":"affected"},{"version":"20.6.5.4","status":"affected"},{"version":"20.6.5.1.7","status":"affected"},{"version":"20.9.3.0.12","status":"affected"},{"version":"20.6.4.2","status":"affected"},{"version":"20.6.5.5","status":"affected"},{"version":"20.9.3.2","status":"affected"},{"version":"20.11.1.2","status":"affected"},{"version":"20.6.3.4","status":"affected"},{"version":"20.10.1.2","status":"affected"},{"version":"20.6.5.1.9","status":"affected"},{"version":"20.9.3.0.16","status":"affected"},{"version":"20.6.3.0.45","status":"affected"},{"version":"20.6.5.1.10","status":"affected"},{"version":"20.9.3.0.17","status":"affected"},{"version":"20.6.5.2.4","status":"affected"},{"version":"20.6.4.0.21","status":"affected"},{"version":"20.9.3.0.18","status":"affected"},{"version":"20.6.3.0.46","status":"affected"},{"version":"20.6.3.0.47","status":"affected"},{"version":"20.9.2.3","status":"affected"},{"version":"20.9.3.2_LI_Images","status":"affected"},{"version":"20.9.3.0.21","status":"affected"},{"version":"20.9.3.0.20","status":"affected"},{"version":"20.9.4_LI_Images","status":"affected"},{"version":"20.9.4","status":"affected"},{"version":"20.6.5.1.11","status":"affected"},{"version":"20.12.1","status":"affected"},{"version":"20.12.1_LI_Images","status":"affected"},{"version":"20.6.5.1.13","status":"affected"},{"version":"20.9.3.0.23","status":"affected"},{"version":"20.6.5.2.8","status":"affected"},{"version":"20.9.4.1","status":"affected"},{"version":"20.9.4.1_LI_Images","status":"affected"},{"version":"20.9.3.0.25","status":"affected"},{"version":"20.9.3.0.24","status":"affected"},{"version":"20.6.5.1.14","status":"affected"},{"version":"20.3.8","status":"affected"},{"version":"20.6.6","status":"affected"},{"version":"20.9.3.0.26","status":"affected"},{"version":"20.6.3.0.51","status":"affected"},{"version":"20.9.3.0.29","status":"affected"},{"version":"20.12.2","status":"affected"},{"version":"20.12.2_LI_Images","status":"affected"},{"version":"20.6.6.0.1","status":"affected"},{"version":"20.13.1_LI_Images","status":"affected"},{"version":"20.9.4.0.4","status":"affected"},{"version":"20.13.1","status":"affected"},{"version":"20.9.4.1.1","status":"affected"},{"version":"20.9.5","status":"affected"},{"version":"20.9.5_LI_Images","status":"affected"},{"version":"20.12.3_LI_Images","status":"affected"},{"version":"20.12.3","status":"affected"},{"version":"20.9.4.1.3","status":"affected"},{"version":"20.6.7","status":"affected"},{"version":"20.9.5.1","status":"affected"},{"version":"20.9.5.1_LI_Images","status":"affected"},{"version":"20.9.4.1.6","status":"affected"},{"version":"20.14.1","status":"affected"},{"version":"20.14.1_LI_Images","status":"affected"},{"version":"20.9.5.2","status":"affected"},{"version":"20.9.5.2.1","status":"affected"},{"version":"20.9.5.2_LI_Images","status":"affected"},{"version":"20.12.3.1","status":"affected"},{"version":"20.12.4","status":"affected"},{"version":"20.15.1_LI_Images","status":"affected"},{"version":"20.15.1","status":"affected"},{"version":"20.9.5.1.4","status":"affected"},{"version":"20.9.5.2.7","status":"affected"},{"version":"20.9.5.2.13","status":"affected"},{"version":"20.9.6","status":"affected"},{"version":"20.9.6_LI_Images","status":"affected"},{"version":"20.9.5.2.14","status":"affected"},{"version":"20.6.8","status":"affected"},{"version":"20.12.4.0.03","status":"affected"},{"version":"20.16.1","status":"affected"},{"version":"20.16.1_LI_Images","status":"affected"},{"version":"20.12.4_LI_Images","status":"affected"},{"version":"20.9.5.2.16","status":"affected"},{"version":"20.12.4.0.4","status":"affected"},{"version":"20.12.401","status":"affected"},{"version":"20.9.5.3","status":"affected"},{"version":"20.9.5.3_LI_Images","status":"affected"},{"version":"20.12.4.1_LI_Images","status":"affected"},{"version":"20.12.4.1","status":"affected"},{"version":"20.9.5.2.21","status":"affected"},{"version":"20.9.6.0.3","status":"affected"},{"version":"20.12.4.0.6","status":"affected"},{"version":"20.15.2_LI_Images","status":"affected"},{"version":"20.15.2","status":"affected"},{"version":"20.12.4_Monthly_ES5","status":"affected"},{"version":"20.12.5","status":"affected"},{"version":"20.12.5_LI_Images","status":"affected"},{"version":"20.9.7_LI _Images","status":"affected"},{"version":"20.9.7","status":"affected"},{"version":"20.15.3","status":"affected"},{"version":"20.15.3_ LI _Images","status":"affected"},{"version":"20.12.501","status":"affected"},{"version":"20.12.5.1_LI_Images","status":"affected"},{"version":"20.12.5.1","status":"affected"},{"version":"20.12.5.2_LI_Images","status":"affected"},{"version":"20.12.5.2","status":"affected"},{"version":"20.15.3.1","status":"affected"},{"version":"20.15.4_LI_Images","status":"affected"},{"version":"20.15.4","status":"affected"},{"version":"20.9.7.1_LI _Images","status":"affected"},{"version":"20.9.7.1","status":"affected"},{"version":"20.18.1","status":"affected"},{"version":"20.18.1_LI_Images","status":"affected"},{"version":"20.12.6_LI_Images","status":"affected"},{"version":"20.12.6","status":"affected"},{"version":"20.12.5.1.01","status":"affected"},{"version":"20.9.8","status":"affected"},{"version":"20.9.8_LI_Images","status":"affected"},{"version":"20.18.2","status":"affected"},{"version":"20.15.4.1_LI_Images","status":"affected"},{"version":"20.15.4.1","status":"affected"},{"version":"20.18.2_LI_Images","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-26T04:55:54.782171Z","id":"CVE-2026-20127","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-02-25","cisaActionDue":"2026-02-27","cisaRequiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","cisaVulnerabilityName":"Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.8.2","matchCriteriaId":"0388BD67-C1AD-4E47-8B1A-22EE1634190E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.11","versionEndExcluding":"20.12.5.3","matchCriteriaId":"344CA479-F60F-4CD6-83F7-4DB38DF2EAEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.2","matchCriteriaId":"D284EA84-6C27-4A9C-BDA2-D1C5BF1F2356"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.2.1","matchCriteriaId":"B94E1DC2-5DA5-4238-8040-6D524DDEAA4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*","matchCriteriaId":"F5B6E170-73B8-4838-93B4-AD258F3BCA7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.8.2","matchCriteriaId":"D22B968F-3AB3-41AA-81CC-A1173654C731"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.11","versionEndExcluding":"20.12.5.3","matchCriteriaId":"89D0736B-EA67-44FD-A9E3-6729AB690295"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.2","matchCriteriaId":"06587810-B5BE-49FE-A009-BB53A2B45825"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.2.1","matchCriteriaId":"A896A8B2-1517-4438-819E-DB2CC0214040"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.12.6:*:*:*:*:*:*:*","matchCriteriaId":"033AC84E-6A5F-4EFF-B610-5C16D4C2CC9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.8.2","matchCriteriaId":"9C42E29A-D80E-4303-A33E-660099CF78F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.11","versionEndExcluding":"20.12.5.3","matchCriteriaId":"7B720BE5-BD1D-4BFA-A899-BFB20C7499FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.2","matchCriteriaId":"4BDF8CF0-99BA-461F-99D6-4B1ABE9C2FFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.2.1","matchCriteriaId":"E709AAB8-3567-49EB-8090-033468743AB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.12.6:*:*:*:*:*:*:*","matchCriteriaId":"3DD7A58E-C95F-48C2-8359-39AFE7FA47BE"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-3539","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-03-04T20:16:20.957","lastModified":"2026-06-17T13:20:22.227","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Determined a bug and not a vulnerability"}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-23243","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-18T11:16:16.090","lastModified":"2026-06-17T19:17:16.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nRDMA/umad: Rechazar data_len negativo en ib_umad_write\n\nib_umad_write calcula data_len a partir de un conteo controlado por el usuario y los tamaños de encabezado MAD. Con un tamaño de encabezado MAD de usuario no coincidente y una longitud de encabezado RMPP, data_len puede volverse negativo y alcanzar ib_create_send_mad(). Esto puede hacer que el cálculo de relleno exceda el tamaño del segmento y desencadenar un memset fuera de límites en alloc_send_rmpp_list().\n\nSe añade una verificación explícita para rechazar data_len negativo antes de crear el búfer de envío.\n\nKASAN splat:\n[ 211.363464] ERROR: KASAN: slab-out-of-bounds en ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Escritura de tamaño 220 en la dirección ffff88800c3fa1f8 por la tarea spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/core/user_mad.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"1371ef6b1ecf3676b8942f5dfb3634fb0648128e","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"362e45fd9069ffa1523f9f1633b606ebf72060d7","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"6eb2919474ca105c5b13d19574e25f0ddcf19ca2","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"9c80d688f402539dfc8f336de1380d6b4ee14316","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"205955f29c26330b1dc7fdeadd5bb97c38e26f56","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b","versionType":"git","status":"affected"},{"version":"2be8e3ee8efd6f99ce454115c29d09750915021a","lessThan":"5551b02fdbfd85a325bb857f3a8f9c9f33397ed2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/core/user_mad.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.24","status":"affected"},{"version":"0","lessThan":"2.6.24","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:47:24.163717Z","id":"CVE-2026-23243","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24.1","versionEndExcluding":"5.10.252","matchCriteriaId":"2373214A-3D90-42DB-82C4-E1879374793C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*","matchCriteriaId":"6F3E61F3-1CF1-4176-94CD-89A408BCFC96"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-4887","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T13:16:30.780","lastModified":"2026-06-17T13:20:46.970","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS)."},{"lang":"es","value":"Se encontró una vulnerabilidad en GIMP. Este problema es una lectura excesiva de búfer de pila en el cargador de archivos PCX de GIMP debido a un error de uno. Un atacante remoto podría explotar esto al convencer a un usuario de abrir una imagen PCX especialmente diseñada. La explotación exitosa podría llevar a la divulgación de memoria fuera de límites y a un posible fallo de la aplicación, lo que resultaría en una denegación de servicio (DoS)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"2:2.8.22-1.el7_9.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"8100020260512115927.4c9c024f","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"versions":[{"version":"8040020260520140422.70584597","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"versions":[{"version":"8040020260520140422.70584597","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"8060020260520140100.6af1eaf0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"8060020260520140100.6af1eaf0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"8060020260520140100.6af1eaf0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream"],"versions":[{"version":"8080020260520102644.0621e4ee","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream"],"versions":[{"version":"8080020260520102644.0621e4ee","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"2:3.0.4-1.el9_7.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"2:3.0.4-4.el9_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"versions":[{"version":"2:2.99.8-3.el9_0.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"versions":[{"version":"2:2.99.8-4.el9_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"versions":[{"version":"2:2.99.8-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"versions":[{"version":"2:2.99.8-4.el9_6.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-26T12:58:38.570446Z","id":"CVE-2026-4887","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"B47B700C-2770-4859-8535-02733AB22EDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"7FD8D154-2B8E-4DC9-BF0F-A5E7A7141ED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.0:rc2:*:*:*:*:*:*","matchCriteriaId":"2585D713-54B3-494C-99DC-53E3A7CE0CFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.0:rc3:*:*:*:*:*:*","matchCriteriaId":"2FDE25FB-1089-4611-BC6A-584D06A5E5D6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:16484","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17533","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19362","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20552","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20553","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20554","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20691","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25899","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25901","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25907","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26168","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4887","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451669","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15960","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-21724","sourceIdentifier":"security@grafana.com","published":"2026-03-26T21:17:03.227","lastModified":"2026-06-17T13:20:05.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad en Grafana OSS donde una omisión de autorización en la API de puntos de contacto de aprovisionamiento permite a los usuarios con rol de Editor modificar URLs de webhook protegidas sin el permiso requerido alert.notifications.receivers.protected:write."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"12.3.1","lessThan":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.2.2","lessThan":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.1.5","lessThan":"12.1.10","versionType":"semver","status":"affected"},{"version":"11.6.9","lessThan":"11.6.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T13:42:43.732342Z","id":"CVE-2026-21724","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.9","versionEndExcluding":"11.6.14","matchCriteriaId":"B333C05C-D6CC-4292-B54B-5D081FE92C6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.5","versionEndExcluding":"12.1.10","matchCriteriaId":"252E74A8-BC0A-420D-A937-84AAE46C8BDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.2","versionEndExcluding":"12.2.8","matchCriteriaId":"409163A6-7B0A-4E46-AD47-620AFC841A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.1","versionEndExcluding":"12.3.6","matchCriteriaId":"875BA099-9D0F-4DC0-80DF-5F35D06097AC"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21724","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33375","sourceIdentifier":"security@grafana.com","published":"2026-03-26T21:17:05.573","lastModified":"2026-06-17T13:20:16.357","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container."},{"lang":"es","value":"El plugin de fuente de datos de Grafana MSSQL contiene un fallo lógico que permite a un usuario con pocos privilegios (Visor) eludir las restricciones de la API y desencadenar un agotamiento catastrófico de la memoria por Out-Of-Memory (OOM), lo que provoca la caída del contenedor anfitrión."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThan":"11.6.14+security-01","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThan":"12.1.10+security-01","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThan":"12.2.8+security-01","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThan":"12.3.6+security-01","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThan":"12.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T14:39:23.654250Z","id":"CVE-2026-33375","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.14","matchCriteriaId":"D46EB6A0-D0D1-4209-B7B5-3BACD4ADAF9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.10","matchCriteriaId":"C0016311-847E-438D-A1C7-B03005867EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"96AAB185-6025-4B8F-A07E-CABD00DDC295"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"581CC6E2-4E52-4E13-804B-8D944BA03D15"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.2","matchCriteriaId":"A699040D-CF1F-474F-A01D-49C6E62C026B"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33375","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28377","sourceIdentifier":"security@grafana.com","published":"2026-03-26T22:16:28.460","lastModified":"2026-06-17T13:20:14.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.\n\nThanks to william_goodfellow for reporting this vulnerability."},{"lang":"es","value":"Una vulnerabilidad en Grafana Tempo expone la clave de cifrado S3 SSE-C en texto plano a través del endpoint /status/config, lo que podría permitir a usuarios no autorizados obtener la clave utilizada para cifrar los datos de traza almacenados en S3.\n\nGracias a william_goodfellow por informar sobre esta vulnerabilidad."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Tempo","defaultStatus":"unaffected","versions":[{"version":"2.10.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T13:29:52.402572Z","id":"CVE-2026-28377","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:tempo:*:*:*:*:*:*:*:*","versionEndExcluding":"2.10.3","matchCriteriaId":"B1FEA69C-8014-4D65-AFA0-5C44DF250663"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28377","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27879","sourceIdentifier":"security@grafana.com","published":"2026-03-27T15:16:51.187","lastModified":"2026-06-17T13:20:14.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A resample query can be used to trigger out-of-memory crashes in Grafana."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana","defaultStatus":"unaffected","versions":[{"version":"8.0.0","lessThan":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.0.0","lessThan":"12.1.10","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThan":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThan":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThan":"12.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-31T15:02:56.347770Z","id":"CVE-2026-27879","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0","matchCriteriaId":"7B51404F-9207-4B3D-B9A8-5D7A4CC69C82"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.14","versionEndExcluding":"12.0.0","matchCriteriaId":"5845D5E9-8631-4F0B-B100-24DCDE4C8C1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.10","versionEndExcluding":"12.2.0","matchCriteriaId":"AE3F977F-FF94-4A15-918C-54241EC49560"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.8","versionEndExcluding":"12.3.0","matchCriteriaId":"CB499815-0B44-4BF9-AB14-F7272EF0173F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.6","versionEndExcluding":"12.4.0","matchCriteriaId":"7F2B145A-24E0-4C0F-BF82-FFD2B1301B51"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-27879","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28375","sourceIdentifier":"security@grafana.com","published":"2026-03-27T15:16:51.547","lastModified":"2026-06-17T13:20:14.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A testdata data-source can be used to trigger out-of-memory crashes in Grafana."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana","defaultStatus":"unaffected","versions":[{"version":"8.1.0","lessThan":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.0.0","lessThan":"12.1.10","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThan":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThan":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThan":"12.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-31T15:00:57.773116Z","id":"CVE-2026-28375","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.0","matchCriteriaId":"3D7C388A-A7A0-4ED2-B0D4-3D9440B59F17"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.14","versionEndExcluding":"12.0.0","matchCriteriaId":"5845D5E9-8631-4F0B-B100-24DCDE4C8C1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.10","versionEndExcluding":"12.2.0","matchCriteriaId":"AE3F977F-FF94-4A15-918C-54241EC49560"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.8","versionEndExcluding":"12.3.0","matchCriteriaId":"CB499815-0B44-4BF9-AB14-F7272EF0173F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.6","versionEndExcluding":"12.4.0","matchCriteriaId":"7F2B145A-24E0-4C0F-BF82-FFD2B1301B51"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28375","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2394","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-04-01T01:16:40.990","lastModified":"2026-06-17T18:17:41.203","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."},{"lang":"es","value":"Vulnerabilidad de lectura excesiva de búfer en RTI Connext Professional (Core Libraries) permite la lectura excesiva de búferes. Este problema afecta a Connext Professional: desde 7.4.0 antes de 7.7.0, desde 7.0.0 antes de 7.3.1.1, desde 6.1.0 antes de 6.1.*, desde 6.0.0 antes de 6.0.*, desde 5.3.0 antes de 5.3.*, desde 4.3x antes de 5.2.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.2.34","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"},{"version":"4.3x","lessThan":"5.2.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-01T14:31:58.220725Z","id":"CVE-2026-2394","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-126"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"5.2.3","matchCriteriaId":"1D94CB04-B781-49BA-AD24-F7FBAB83C897"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndIncluding":"5.3.1.45","matchCriteriaId":"F8B1FE0A-A2E0-45AA-9ED2-CED9BDA02047"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.0.1.40","matchCriteriaId":"8369CEAE-4767-4910-AD55-3C6E8898EE5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndIncluding":"6.1.2.27","matchCriteriaId":"2042782E-93AB-4D92-9DB0-3377557B5B46"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.3.1.1","matchCriteriaId":"9F77FCD6-D5AC-46DF-99BF-D9E30919B5E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.7.0","matchCriteriaId":"DF87EB0F-A1CD-40D1-96F0-53D964E34BFC"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-2394","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4374","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-04-01T02:16:03.540","lastModified":"2026-06-17T19:18:09.953","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>"},{"lang":"es","value":"Vulnerabilidad de restricción incorrecta de referencia a entidad externa XML en RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) permite el enlace externo de datos serializados, la serialización de datos..."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Cloud Discovery Service","Recording Service","Routing Service","Queueing Service","Observability Collector"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.1.0","lessThan":"7.3.1.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.2.34","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-01T14:23:31.865417Z","id":"CVE-2026-4374","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndIncluding":"5.3.1.45","matchCriteriaId":"F8B1FE0A-A2E0-45AA-9ED2-CED9BDA02047"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.0.1.40","matchCriteriaId":"8369CEAE-4767-4910-AD55-3C6E8898EE5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndIncluding":"6.1.2.27","matchCriteriaId":"2042782E-93AB-4D92-9DB0-3377557B5B46"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.3.1.1","matchCriteriaId":"9F77FCD6-D5AC-46DF-99BF-D9E30919B5E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.7.0","matchCriteriaId":"DF87EB0F-A1CD-40D1-96F0-53D964E34BFC"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-4374","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5904","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-04-08T22:16:30.287","lastModified":"2026-06-17T13:20:53.360","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Determined a bug and not a vulnerability"}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-21726","sourceIdentifier":"security@grafana.com","published":"2026-04-15T20:16:34.177","lastModified":"2026-06-17T13:20:05.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}\n\nThanks to Prasanth Sundararajan for reporting this vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Loki","defaultStatus":"unaffected","versions":[{"version":"2.3.0","lessThan":"3.5.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T20:01:24.769436Z","id":"CVE-2026-21726","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:loki:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.4","matchCriteriaId":"4A927B56-3873-4166-8F65-6E312D898B03"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21726","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21727","sourceIdentifier":"security@grafana.com","published":"2026-04-15T20:16:34.290","lastModified":"2026-06-17T13:20:05.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"---\ntitle: Cross-Tenant Legacy Correlation Disclosure and Deletion\ndraft: false\nhero:\n  image: /static/img/heros/hero-legal2.svg\n  content: \"# Cross-Tenant Legacy Correlation Disclosure and Deletion\"\ndate: 2026-01-29\nproduct: Grafana\nseverity: Low\ncve: CVE-2026-21727\ncvss_score: \"3.3\"\ncvss_vector: \"CVSS:3.3/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N\"\nfixed_versions:\n  - \">=11.6.11 >=12.0.9 >=12.1.6 >=12.2.4\"\n---\nA cross-tenant isolation vulnerability was found in Grafana’s Correlations feature affecting legacy correlation records. Due to a backward compatibility condition allowing org_id = 0 records to be returned across organizations, a user with datasource management privileges could read and permanently delete legacy correlation data belonging to another organization. This issue affects correlations created prior to Grafana 10.2 and is fixed in >=11.6.11, >=12.0.9, >=12.1.6, and >=12.2.4.\n\nThanks to Gyu-hyeok Lee (g2h) for reporting this vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Correlations","defaultStatus":"unaffected","versions":[{"version":"10.2.0","lessThan":"12.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T19:56:51.668906Z","id":"CVE-2026-21727","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionEndExcluding":"11.6.11","matchCriteriaId":"E222AE63-CF86-4357-8D11-A35DCB08CF04"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.9","matchCriteriaId":"303497E8-487F-438B-BD49-0B5494FE1D9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.6","matchCriteriaId":"6DFA2773-579E-444B-A8DC-200D8211D231"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.4","matchCriteriaId":"C2BDFDFB-565D-4E2C-B32F-E4B66630CA19"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.3","matchCriteriaId":"E33CA4BF-8698-4307-87FB-7C6B56287003"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21727","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31456","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-22T14:16:40.203","lastModified":"2026-06-17T14:17:46.867","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/pagewalk: fix race between concurrent split and refault\n\nThe splitting of a PUD entry in walk_pud_range() can race with a\nconcurrent thread refaulting the PUD leaf entry causing it to try walking\na PMD range that has disappeared.\n\nAn example and reproduction of this is to try reading numa_maps of a\nprocess while VFIO-PCI is setting up DMA (specifically the\nvfio_pin_pages_remote call) on a large BAR for that process.\n\nThis will trigger a kernel BUG:\nvfio-pci 0000:03:00.0: enabling device (0000 -> 0002)\nBUG: unable to handle page fault for address: ffffa23980000000\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\n...\nRIP: 0010:walk_pgd_range+0x3b5/0x7a0\nCode: 8d 43 ff 48 89 44 24 28 4d 89 ce 4d 8d a7 00 00 20 00 48 8b 4c 24\n28 49 81 e4 00 00 e0 ff 49 8d 44 24 ff 48 39 c8 4c 0f 43 e3 <49> f7 06\n   9f ff ff ff 75 3b 48 8b 44 24 20 48 8b 40 28 48 85 c0 74\nRSP: 0018:ffffac23e1ecf808 EFLAGS: 00010287\nRAX: 00007f44c01fffff RBX: 00007f4500000000 RCX: 00007f44ffffffff\nRDX: 0000000000000000 RSI: 000ffffffffff000 RDI: ffffffff93378fe0\nRBP: ffffac23e1ecf918 R08: 0000000000000004 R09: ffffa23980000000\nR10: 0000000000000020 R11: 0000000000000004 R12: 00007f44c0200000\nR13: 00007f44c0000000 R14: ffffa23980000000 R15: 00007f44c0000000\nFS:  00007fe884739580(0000) GS:ffff9b7d7a9c0000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffa23980000000 CR3: 000000c0650e2005 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n __walk_page_range+0x195/0x1b0\n walk_page_vma+0x62/0xc0\n show_numa_map+0x12b/0x3b0\n seq_read_iter+0x297/0x440\n seq_read+0x11d/0x140\n vfs_read+0xc2/0x340\n ksys_read+0x5f/0xe0\n do_syscall_64+0x68/0x130\n ? get_page_from_freelist+0x5c2/0x17e0\n ? mas_store_prealloc+0x17e/0x360\n ? vma_set_page_prot+0x4c/0xa0\n ? __alloc_pages_noprof+0x14e/0x2d0\n ? __mod_memcg_lruvec_state+0x8d/0x140\n ? __lruvec_stat_mod_folio+0x76/0xb0\n ? __folio_mod_stat+0x26/0x80\n ? do_anonymous_page+0x705/0x900\n ? __handle_mm_fault+0xa8d/0x1000\n ? __count_memcg_events+0x53/0xf0\n ? handle_mm_fault+0xa5/0x360\n ? do_user_addr_fault+0x342/0x640\n ? arch_exit_to_user_mode_prepare.constprop.0+0x16/0xa0\n ? irqentry_exit_to_user_mode+0x24/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fe88464f47e\nCode: c0 e9 b6 fe ff ff 50 48 8d 3d be 07 0b 00 e8 69 01 02 00 66 0f 1f\n84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00\n   f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28\nRSP: 002b:00007ffe6cd9a9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fe88464f47e\nRDX: 0000000000020000 RSI: 00007fe884543000 RDI: 0000000000000003\nRBP: 00007fe884543000 R08: 00007fe884542010 R09: 0000000000000000\nR10: fffffffffffffbc5 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000\n </TASK>\n\nFix this by validating the PUD entry in walk_pmd_range() using a stable\nsnapshot (pudp_get()).  If the PUD is not present or is a leaf, retry the\nwalk via ACTION_AGAIN instead of descending further.  This mirrors the\nretry logic in walk_pte_range(), which lets walk_pmd_range() retry if the\nPTE is not being got by pte_offset_map_lock()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/pagewalk.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f9e54c3a2f5b79ecc57c7bc7d0d3521e461a2101","lessThan":"138ada1337b47cc5efb08e517674d46f86268274","versionType":"git","status":"affected"},{"version":"f9e54c3a2f5b79ecc57c7bc7d0d3521e461a2101","lessThan":"38ec58670a0c5fc1edabdeccd857e586b7b3f318","versionType":"git","status":"affected"},{"version":"f9e54c3a2f5b79ecc57c7bc7d0d3521e461a2101","lessThan":"9bbbebd94dd5be25ec8c899d46ef01b33d5d22c0","versionType":"git","status":"affected"},{"version":"f9e54c3a2f5b79ecc57c7bc7d0d3521e461a2101","lessThan":"3b89863c3fa482912911cd65a12a3aeef662c250","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/pagewalk.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.12.84","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.21","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.11","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.18.21","matchCriteriaId":"93477C16-86F4-42D8-A83F-3E95FF0B26F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/138ada1337b47cc5efb08e517674d46f86268274","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/38ec58670a0c5fc1edabdeccd857e586b7b3f318","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3b89863c3fa482912911cd65a12a3aeef662c250","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bbbebd94dd5be25ec8c899d46ef01b33d5d22c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31688","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-27T18:16:54.287","lastModified":"2026-06-17T19:17:19.300","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-42510","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T06:16:04.100","lastModified":"2026-06-17T21:18:38.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","versions":[{"version":"4.3.0","lessThanOrEqual":"26.1.6","versionType":"semver","status":"affected"},{"version":"27.0.0","lessThanOrEqual":"29.0.5","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThanOrEqual":"32.0.1","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThanOrEqual":"35.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T12:35:30.564628Z","id":"CVE-2026-42510","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"26.1.6","matchCriteriaId":"F81E2BEA-26C0-4CFD-B191-3A6F9E349844"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0.0","versionEndExcluding":"29.0.5","matchCriteriaId":"4F948886-9748-40E0-A3C2-2C95CCB2D498"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"32.0.1","matchCriteriaId":"23B410FC-0DC1-4BB8-98C2-6EB01DF839CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"33.0.0","versionEndExcluding":"35.0.1","matchCriteriaId":"40C73777-6AE0-4FAE-BBE6-C499CD51A3C0"}]}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2148331","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.openstack.org/ossa/OSSA-2026-008.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-14543","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-04-30T16:16:40.420","lastModified":"2026-06-17T18:17:33.320","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"},{"version":"4.3x","lessThan":"5.2.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-30T15:42:00.570103Z","id":"CVE-2025-14543","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"5.2.3","matchCriteriaId":"1D94CB04-B781-49BA-AD24-F7FBAB83C897"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndIncluding":"5.3.1.45","matchCriteriaId":"F8B1FE0A-A2E0-45AA-9ED2-CED9BDA02047"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.0.1.40","matchCriteriaId":"8369CEAE-4767-4910-AD55-3C6E8898EE5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndIncluding":"6.1.2.27","matchCriteriaId":"2042782E-93AB-4D92-9DB0-3377557B5B46"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.3.1.1","matchCriteriaId":"9F77FCD6-D5AC-46DF-99BF-D9E30919B5E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.7.0","matchCriteriaId":"DF87EB0F-A1CD-40D1-96F0-53D964E34BFC"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2025-14543","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43122","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:29.067","lastModified":"2026-06-17T20:17:03.377","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-7936","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-06T19:16:41.933","lastModified":"2026-06-17T13:21:06.543","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Determined not a vulnerability"}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-43422","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.290","lastModified":"2026-06-17T19:17:36.543","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-43423","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T15:16:54.390","lastModified":"2026-06-17T19:17:50.973","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-33841","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:06.297","lastModified":"2026-06-17T20:16:51.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7417","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 23H2","platforms":["ARM64-based Systems"],"versions":[{"version":"10.0.22631.0","lessThan":"10.0.22631.7079","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 23H2","platforms":["x64-based Systems"],"versions":[{"version":"10.0.22631.0","lessThan":"10.0.22631.7219","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8457","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8457","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2113","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5139","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022, 23H2 Edition (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.25398.0","lessThan":"10.0.25398.2330","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.32860","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.32860","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T03:56:46.307679Z","id":"CVE-2026-33841","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7291","matchCriteriaId":"92E25E15-66FF-45E3-A044-88A7CFDEA9DF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7291","matchCriteriaId":"0D04D4AA-D1A5-45D4-A27A-F80D3F6171AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7291","matchCriteriaId":"12B4D343-5326-4CF2-913D-F642C34B458A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7291","matchCriteriaId":"6BB3BCA4-519F-4BAB-B7C7-9E3BBCE5A6AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7291","matchCriteriaId":"65466E7E-0BDC-4ECC-AE5F-2E4B8615D205"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7291","matchCriteriaId":"A722684E-1073-4076-82AE-3235AA1C4C9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.22631.7079","matchCriteriaId":"D039A905-2FE4-4A10-85BF-175947E6A017"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.22631.7079","matchCriteriaId":"4904DDBD-B183-4AA2-ABD6-47BAF1A28861"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8390","matchCriteriaId":"048AD3CD-DD62-4B62-9302-61779D998B4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8390","matchCriteriaId":"3682F4DD-0870-4E39-B75E-649C89BB1E08"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8390","matchCriteriaId":"C2C93D38-DFD7-4DE1-95B8-6D73E4A545D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8390","matchCriteriaId":"05EB89A0-2ADD-4B67-A644-41FE1DE69E4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2113","matchCriteriaId":"D45A5D2F-E058-4033-B184-BAE224FC1CEA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2113","matchCriteriaId":"5127F350-9271-4B74-84E0-D7E5D2D5640E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5074","matchCriteriaId":"10060868-96D5-47E4-8FEB-80A79DCC1134"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.25398.2330","matchCriteriaId":"E3F26150-16EA-4D34-8BE9-2EE7C745D707"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.32772","matchCriteriaId":"9ABAB3B9-28AF-4278-8E78-E1191B1AFC0C"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33841","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42937","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:50.050","lastModified":"2026-06-17T18:10:16.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. \n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IQ","defaultStatus":"unknown","versions":[{"version":"8.4.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:02:58.207895Z","id":"CVE-2026-42937","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"5317A6D5-D918-4BE0-9084-36E9E2DE6473"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"67A7F8C7-B295-4666-BC8B-FD3F086B731A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"5D32F168-182B-44C6-B0E0-EA35FFEF085D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"9D40D996-431C-4A80-8286-0DDE9CABE7D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"321F241A-C271-4935-BFCC-285147C29499"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"074343C5-CD56-4E06-9FCD-2D81BFE889A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"00682C22-1F4E-4DDC-A821-123962660F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"117301F9-F283-484E-B14B-1D64FF56D26D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"3565D432-B53A-47E6-AE2E-1C787EE7B630"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"598B7A83-1889-4993-B1FD-825102FF94D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"1D31ACBC-74FE-4AB9-A9A9-EDFAFDBDD3F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"699581D9-7F53-4049-BD8E-BABD3BE8FC8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"EA9F4B92-8FBF-4D8E-A7B0-9764349E20F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"9531F9FE-3E20-4F00-B2E3-A09E3DDB5CA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"68D0B5B9-8136-4E1E-9B12-46268C553C29"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"49A6ED3D-DFFB-417D-8365-F4D6E14C4200"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"55CEADD5-ACEE-49CC-A927-EBC854918D1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"D5225A6E-CBE6-425B-BFF9-87782B683CDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"321D28A5-6482-4DA4-B4A4-DF4B1B62664C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"C188C945-26B9-4D2C-B001-016D36C88917"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"2B8AE9DF-2058-496A-AC23-75976EE1C542"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"A4F87ADD-0149-4AE0-AFEB-BB1AA123F2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"71DCA085-CCEA-4D2D-AB31-A2BA49D4502F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"23056306-3CD8-433F-BC25-483202073C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"FCC00A74-D454-411F-9BE2-CC2F821992D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"21157077-84EB-4497-9BA9-8A392E890D07"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"F7D3043B-3A5D-4DE4-852C-60554B3E5DE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"E32987D3-58EA-442D-8112-2C738862DADD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"5A8DE07C-B8C8-4E7C-8AB7-C9509484CAD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"CF1BBEE0-9D86-4774-A548-E311A0C8679B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"A23687DC-EE3E-46BC-8866-066D832FC6F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0.","versionEndIncluding":"17.5.1.4","matchCriteriaId":"FABD955F-7BF9-40EF-AAF7-619BE4E50CE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"EB24F2B3-1D94-4202-B33E-17044A8D3148"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"E15C8107-BC7C-45FB-BC23-37C28F68F43F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"8A0BD2D5-CCA6-43D5-8B98-10CF68D61504"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"C1D271F5-159C-4A6A-915F-DDCA2A9466F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"FB1EE0AF-906C-4C50-AB74-993AEF932E2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"F0360D51-AAF3-4543-9762-2DFFD8D756C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"A7523553-C008-4FB1-9CDD-92997E7B1BBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"C31D653A-C3F4-4CFA-9CBF-B10B954B7D2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3.1","matchCriteriaId":"88F96EB4-332E-45A9-A6FC-457ADE8B63E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1.4","matchCriteriaId":"C665E549-E8AB-454D-9E19-539B0F27A3F0"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161018","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28374","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:19.583","lastModified":"2026-06-17T13:20:14.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"8.5.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T12:32:58.713813Z","id":"CVE-2026-28374","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"11.6.14","matchCriteriaId":"3EB52192-B43E-44FD-A838-245DD579DF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28374","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28376","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:19.760","lastModified":"2026-06-17T13:20:14.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"8.0.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T18:10:50.762919Z","id":"CVE-2026-28376","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"11.6.14","matchCriteriaId":"8E135E10-C076-4250-A33D-ACFE7A77DB9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.2.8","matchCriteriaId":"80B49F3F-8139-4DEB-971F-1B4F05BDE98E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28376","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28379","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:19.920","lastModified":"2026-06-17T13:20:14.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"8.2.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T18:12:23.118907Z","id":"CVE-2026-28379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"11.6.14","matchCriteriaId":"3EB52192-B43E-44FD-A838-245DD579DF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28379","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28380","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.023","lastModified":"2026-06-17T13:20:14.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Any Editor could delete any snapshot, even if they have no access to read or write them."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"9.4.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T15:54:58.435055Z","id":"CVE-2026-28380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"11.6.14","matchCriteriaId":"3EB52192-B43E-44FD-A838-245DD579DF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28380","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28383","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.130","lastModified":"2026-06-17T13:20:15.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"6.7.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T12:35:48.301448Z","id":"CVE-2026-28383","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"11.6.14","matchCriteriaId":"3EB52192-B43E-44FD-A838-245DD579DF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28383","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33376","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.367","lastModified":"2026-06-17T13:20:16.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"9.4.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-15T00:00:00+00:00","id":"CVE-2026-33376","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"11.6.14","matchCriteriaId":"3EB52192-B43E-44FD-A838-245DD579DF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33376","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33377","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.470","lastModified":"2026-06-17T13:20:16.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"8.5.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-16T03:55:59.661383Z","id":"CVE-2026-33377","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"11.6.14","matchCriteriaId":"3EB52192-B43E-44FD-A838-245DD579DF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33377","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33378","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.583","lastModified":"2026-06-17T13:20:16.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"8.0.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T12:33:44.094482Z","id":"CVE-2026-33378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"11.6.14","matchCriteriaId":"8E135E10-C076-4250-A33D-ACFE7A77DB9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.2.8","matchCriteriaId":"80B49F3F-8139-4DEB-971F-1B4F05BDE98E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33378","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33380","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.697","lastModified":"2026-06-17T13:20:16.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T15:12:34.365612Z","id":"CVE-2026-33380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.14","matchCriteriaId":"04916693-D14C-4B90-A469-51C2A2A66782"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.1","matchCriteriaId":"EE07D597-63A4-4EF4-B2E2-DCA40D943D61"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33380","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33381","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.803","lastModified":"2026-06-17T13:20:16.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"9.2.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"11.6.14","lessThan":"11.6.14+security-04","versionType":"custom","status":"affected"},{"version":"12.0.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.2.8","lessThan":"12.2.8+security-04","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.3.6","lessThan":"12.3.6+security-04","versionType":"custom","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"12.4.3","lessThan":"12.4.3+security-02","versionType":"custom","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"},{"version":"13.0.1","lessThan":"13.0.1+security-01","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-15T00:00:00+00:00","id":"CVE-2026-33381","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.14","matchCriteriaId":"04916693-D14C-4B90-A469-51C2A2A66782"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.8","matchCriteriaId":"37747AB2-8B5F-4BD3-860E-0C092A9F78F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.1","matchCriteriaId":"EE07D597-63A4-4EF4-B2E2-DCA40D943D61"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33381","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44919","sourceIdentifier":"cve@mitre.org","published":"2026-05-14T02:17:21.773","lastModified":"2026-06-17T21:11:59.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","repo":"https://opendev.org/openstack/ironic","versions":[{"version":"23.0.4","lessThan":"29.0.6","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.2","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"35.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T13:53:26.759828Z","id":"CVE-2026-44919","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-696"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"23.0.4","versionEndExcluding":"29.0.6","matchCriteriaId":"EC23B072-EBFA-479C-8255-C66BCEE07F82"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"32.0.2","matchCriteriaId":"D9F7CCC1-79C3-46B3-8A70-9074EEC0253F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"33.0.0","versionEndExcluding":"35.0.2","matchCriteriaId":"4EDE56FA-F5A7-4CB3-AF67-C936A03560DE"}]}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2150332","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://security.openstack.org/ossa/OSSA-2026-013.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://bugs.launchpad.net/ironic/+bug/2150332","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-20182","sourceIdentifier":"psirt@cisco.com","published":"2026-05-14T17:16:19.387","lastModified":"2026-06-17T15:06:02.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the  was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The  section of this advisory includes Show Control Connections guidance to help with system checks.&nbsp;\r\n\r\nA vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Catalyst SD-WAN Controller","defaultStatus":"unknown","versions":[{"version":"20.6.4","status":"affected"},{"version":"20.9.2","status":"affected"},{"version":"20.3.6","status":"affected"},{"version":"20.7.2","status":"affected"},{"version":"20.7.1","status":"affected"},{"version":"20.5.1","status":"affected"},{"version":"20.6.2","status":"affected"},{"version":"19.3.0","status":"affected"},{"version":"20.6.1","status":"affected"},{"version":"17.2.4","status":"affected"},{"version":"18.2.0","status":"affected"},{"version":"18.4.6","status":"affected"},{"version":"19.1.0","status":"affected"},{"version":"19.2.4","status":"affected"},{"version":"19.2.929","status":"affected"},{"version":"18.3.8","status":"affected"},{"version":"18.4.303","status":"affected"},{"version":"18.3.7","status":"affected"},{"version":"18.4.1","status":"affected"},{"version":"19.2.097","status":"affected"},{"version":"19.2.0","status":"affected"},{"version":"19.2.099","status":"affected"},{"version":"18.3.6","status":"affected"},{"version":"20.4.2","status":"affected"},{"version":"19.0.0","status":"affected"},{"version":"20.9.1","status":"affected"},{"version":"20.3.5","status":"affected"},{"version":"20.3.1","status":"affected"},{"version":"18.3.5","status":"affected"},{"version":"20.6.3","status":"affected"},{"version":"18.4.3","status":"affected"},{"version":"18.4.4","status":"affected"},{"version":"18.3.3","status":"affected"},{"version":"17.2.8","status":"affected"},{"version":"20.8.1","status":"affected"},{"version":"19.2.32","status":"affected"},{"version":"19.2.2","status":"affected"},{"version":"17.2.5","status":"affected"},{"version":"18.4.0","status":"affected"},{"version":"20.4.1.1","status":"affected"},{"version":"20.1.3","status":"affected"},{"version":"20.1.2","status":"affected"},{"version":"17.2.10","status":"affected"},{"version":"19.2.098","status":"affected"},{"version":"20.1.1","status":"affected"},{"version":"17.2.6","status":"affected"},{"version":"19.2.1","status":"affected"},{"version":"18.3.4","status":"affected"},{"version":"20.4.1","status":"affected"},{"version":"17.2.9","status":"affected"},{"version":"19.2.31","status":"affected"},{"version":"19.0.1a","status":"affected"},{"version":"18.3.0","status":"affected"},{"version":"17.2.7","status":"affected"},{"version":"18.4.5","status":"affected"},{"version":"20.3.4","status":"affected"},{"version":"20.3.3","status":"affected"},{"version":"20.4.1.2","status":"affected"},{"version":"20.3.2","status":"affected"},{"version":"18.3.1","status":"affected"},{"version":"20.1.12","status":"affected"},{"version":"19.2.3","status":"affected"},{"version":"20.10.1","status":"affected"},{"version":"20.6.5","status":"affected"},{"version":"20.3.7","status":"affected"},{"version":"20.9.3","status":"affected"},{"version":"20.11.1","status":"affected"},{"version":"20.6.3.2","status":"affected"},{"version":"20.4.2.3","status":"affected"},{"version":"20.3.5.1","status":"affected"},{"version":"20.3.4.3","status":"affected"},{"version":"20.9.3.1","status":"affected"},{"version":"20.6.4.1","status":"affected"},{"version":"20.3.3.2","status":"affected"},{"version":"20.6.5.2","status":"affected"},{"version":"20.3.7.1","status":"affected"},{"version":"20.11.1.1","status":"affected"},{"version":"20.10.1.1","status":"affected"},{"version":"20.6.1.2","status":"affected"},{"version":"20.1.3.1","status":"affected"},{"version":"20.9.2.2","status":"affected"},{"version":"20.6.5.3","status":"affected"},{"version":"20.6.3.3","status":"affected"},{"version":"20.3.7.2","status":"affected"},{"version":"20.6.5.4","status":"affected"},{"version":"20.9.2.3","status":"affected"},{"version":"20.9.4","status":"affected"},{"version":"20.12.1","status":"affected"},{"version":"20.3.8","status":"affected"},{"version":"20.6.6","status":"affected"},{"version":"20.12.2","status":"affected"},{"version":"20.13.1","status":"affected"},{"version":"20.9.5","status":"affected"},{"version":"20.12.3","status":"affected"},{"version":"20.6.7","status":"affected"},{"version":"20.9.5.1","status":"affected"},{"version":"20.14.1","status":"affected"},{"version":"20.12.3.1","status":"affected"},{"version":"20.12.4","status":"affected"},{"version":"20.15.1","status":"affected"},{"version":"20.9.6","status":"affected"},{"version":"20.6.8","status":"affected"},{"version":"20.16.1","status":"affected"},{"version":"20.9.5.3","status":"affected"},{"version":"20.12.4.1","status":"affected"},{"version":"20.15.2","status":"affected"},{"version":"20.12.5","status":"affected"},{"version":"20.9.7","status":"affected"},{"version":"20.15.3","status":"affected"},{"version":"20.12.5.1","status":"affected"},{"version":"20.12.5.2","status":"affected"},{"version":"20.15.4","status":"affected"},{"version":"20.9.7.1","status":"affected"},{"version":"20.12.6","status":"affected"},{"version":"20.9.8","status":"affected"},{"version":"20.15.4.1","status":"affected"},{"version":"20.15.4.2","status":"affected"},{"version":"20.12.5.3","status":"affected"},{"version":"20.12.6.1","status":"affected"},{"version":"20.9.8.2","status":"affected"},{"version":"20.15.5","status":"affected"},{"version":"20.12.7","status":"affected"},{"version":"20.9.9","status":"affected"},{"version":"20.15.5.1","status":"affected"},{"version":"20.15.4.3","status":"affected"},{"version":"20.15.4.5","status":"affected"},{"version":"20.15.5.3","status":"affected"},{"version":"20.12.7.2","status":"affected"},{"version":"20.9.9.2","status":"affected"}]},{"vendor":"Cisco","product":"Cisco Catalyst SD-WAN Manager","defaultStatus":"unknown","versions":[{"version":"20.1.12","status":"affected"},{"version":"19.2.1","status":"affected"},{"version":"18.4.4","status":"affected"},{"version":"18.4.5","status":"affected"},{"version":"20.1.1.1","status":"affected"},{"version":"20.1.1","status":"affected"},{"version":"19.2.099","status":"affected"},{"version":"18.3.6","status":"affected"},{"version":"18.3.7","status":"affected"},{"version":"19.2.0","status":"affected"},{"version":"19.1.0","status":"affected"},{"version":"18.4.303","status":"affected"},{"version":"19.2.098","status":"affected"},{"version":"18.3.6.1","status":"affected"},{"version":"18.2.0","status":"affected"},{"version":"17.2.8","status":"affected"},{"version":"18.3.3.1","status":"affected"},{"version":"18.4.0","status":"affected"},{"version":"18.3.1","status":"affected"},{"version":"17.2.6","status":"affected"},{"version":"17.2.9","status":"affected"},{"version":"17.2.5","status":"affected"},{"version":"18.4.0.1","status":"affected"},{"version":"18.3.3","status":"affected"},{"version":"18.3.0","status":"affected"},{"version":"19.2.3","status":"affected"},{"version":"18.4.501_ES","status":"affected"},{"version":"20.1.2","status":"affected"},{"version":"19.2.929","status":"affected"},{"version":"19.2.31","status":"affected"},{"version":"20.3.2","status":"affected"},{"version":"19.2.4","status":"affected"},{"version":"19.2.4.0.9","status":"affected"},{"version":"20.1.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T00:00:00+00:00","id":"CVE-2026-20182","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-05-14","cisaActionDue":"2026-05-17","cisaRequiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","cisaVulnerabilityName":"Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.9.1","matchCriteriaId":"5021D679-E23A-4D7F-B3B6-D664634A639C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.10","versionEndExcluding":"20.12.5.4","matchCriteriaId":"26022018-2273-4589-BE4F-AD92DA31CB58"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.12.6","versionEndExcluding":"20.12.6.2","matchCriteriaId":"FDA5CA36-86B6-443D-B772-37A5901F3E83"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.4","matchCriteriaId":"32A83687-B363-476B-89EF-B35C82575237"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.15.5","versionEndExcluding":"20.15.5.2","matchCriteriaId":"709D0805-4B76-46A0-82D3-93C89926B389"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.2.2","matchCriteriaId":"BB6A9216-3D47-4B33-B502-72B99859992E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"26.1","versionEndExcluding":"26.1.1.1","matchCriteriaId":"C34C0AB2-3E8E-4B12-BEA2-446F8F248B9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.7:*:*:*:*:*:*:*","matchCriteriaId":"6A03BCEF-DC25-488D-91D3-0A16F3B872E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.9.1","matchCriteriaId":"F9862A7B-0BC5-435C-A0CB-07C2298941C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.10","versionEndExcluding":"20.12.5.4","matchCriteriaId":"5C7B3B37-A914-4CFA-BD8E-665797F6BCDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.12.6","versionEndExcluding":"20.12.6.2","matchCriteriaId":"AB807AF9-6D8F-4C3F-8E78-204E6746AC81"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.4","matchCriteriaId":"006F885A-8F1F-4BD6-866D-44E3CE6ACA04"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.15.5","versionEndExcluding":"20.15.5.2","matchCriteriaId":"A37A9327-F362-4B23-AE6C-9EB1BACAF523"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.2.2","matchCriteriaId":"2D99C7C7-3071-4F7E-ADC4-7201A1A6A66F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"26.1","versionEndExcluding":"26.1.1.1","matchCriteriaId":"45F124D5-073B-492F-987F-9726B7D0DFFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.12.7:*:*:*:*:*:*:*","matchCriteriaId":"E8FF1B18-9D34-4B77-8AD4-84BF5FE3C8BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.9.1","matchCriteriaId":"0824EC8B-3153-4298-8570-C115A95FCCF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.10","versionEndExcluding":"20.12.5.4","matchCriteriaId":"86D90EAF-0EB3-4412-8D15-14F5151E36FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.12.6","versionEndExcluding":"20.12.6.2","matchCriteriaId":"CAA36394-30A2-4668-AF03-1C596D8AC2E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.4","matchCriteriaId":"EEC9B48C-3149-4662-9DD4-DC4ACE4460E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.15.5","versionEndExcluding":"20.15.5.2","matchCriteriaId":"9E964DF6-E2FB-4305-9AD6-42904FC4FE9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.2.2","matchCriteriaId":"4D40D018-E4EB-4CC8-A2B0-F8E1DA2E3350"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"26.1","versionEndExcluding":"26.1.1.1","matchCriteriaId":"788140A2-0378-487E-9C9A-84080C9BC7A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.12.7:*:*:*:*:*:*:*","matchCriteriaId":"0F4FFF4B-5C26-4014-A9B2-EE342F3FE3C8"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk","source":"psirt@cisco.com","tags":["Not Applicable"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20182","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-8568","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-14T20:17:19.017","lastModified":"2026-06-17T13:21:22.603","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Determined not a vulnerability"}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-46173","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.923","lastModified":"2026-06-17T13:20:41.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nexit: prevent preemption of oopsing TASK_DEAD task\n\nWhen an already-exiting task oopses, make_task_dead() currently calls\ndo_task_dead() with preemption enabled.  That is forbidden:\ndo_task_dead() calls __schedule(), which has a comment saying \"WARNING:\nmust be called with preemption disabled!\".\n\nIf an oopsing task is preempted in do_task_dead(), between becoming\nTASK_DEAD and entering the scheduler explicitly, bad things happen:\nfinish_task_switch() assumes that once the scheduler has switched away\nfrom a TASK_DEAD task, the task can never run again and its stack is no\nlonger needed; but that assumption apparently doesn't hold if the dead\ntask was preempted (the SM_PREEMPT case).\n\nThis means that the scheduler ends up repeatedly dropping references on\nthe dead task's stack, which can lead to use-after-free or double-free\nof the entire task stack; in other words, two tasks can end up running\non the same stack, resulting in various kinds of memory corruption.\n\n(This does not just affect \"recursively oopsing\" tasks; it is enough to\noops once during task exit, for example in a file_operations::release\nhandler)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/exit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7f80a2fd7db9a55894fd841915236aca611291b5","lessThan":"3d6fb8a7690c23e3213c4b008f64d89a44b98737","versionType":"git","status":"affected"},{"version":"7f80a2fd7db9a55894fd841915236aca611291b5","lessThan":"640b4c00fb0e2920327435f6176cbefc3c546165","versionType":"git","status":"affected"},{"version":"7f80a2fd7db9a55894fd841915236aca611291b5","lessThan":"7b2800ba5f5f77a8ee7f4cbadb19cf1264597a34","versionType":"git","status":"affected"},{"version":"7f80a2fd7db9a55894fd841915236aca611291b5","lessThan":"6f49f94f3b11fe8bff1bf2a054143789e76aaf17","versionType":"git","status":"affected"},{"version":"7f80a2fd7db9a55894fd841915236aca611291b5","lessThan":"9756b3db5db6c2f5eccb32dddbd88eb4c54f575e","versionType":"git","status":"affected"},{"version":"7f80a2fd7db9a55894fd841915236aca611291b5","lessThan":"c1fa0bb633e4a6b11e83ffc57fa5abe8ebb87891","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/exit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.175","matchCriteriaId":"51CAD64E-2216-4DC6-BD41-143581752F8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3d6fb8a7690c23e3213c4b008f64d89a44b98737","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/640b4c00fb0e2920327435f6176cbefc3c546165","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f49f94f3b11fe8bff1bf2a054143789e76aaf17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7b2800ba5f5f77a8ee7f4cbadb19cf1264597a34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9756b3db5db6c2f5eccb32dddbd88eb4c54f575e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1fa0bb633e4a6b11e83ffc57fa5abe8ebb87891","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://project-zero.issues.chromium.org/issues/510793286","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-47294","sourceIdentifier":"secure@microsoft.com","published":"2026-06-01T19:16:53.897","lastModified":"2026-06-17T20:17:21.773","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft SharePoint Enterprise Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5552.1002","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.10417.20128","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server Subscription Edition","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.19725.20280","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-02T03:56:03.046940Z","id":"CVE-2026-47294","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20280","matchCriteriaId":"E9919927-DE08-4AE4-B9F6-2A83117EE14A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48907","sourceIdentifier":"security@joomla.org","published":"2026-06-05T08:16:30.797","lastModified":"2026-06-17T14:06:35.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomlacontenteditor.net","product":"Joomla Content Editor (JCE) extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0.0-2.9.99.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-48907","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-06-16","cisaActionDue":"2026-06-19","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Widget Factory Joomla Content Editor Improper Access Control Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:widgetfactorylimited:jce:*:*:*:*:*:joomla\\!:*:*","versionEndExcluding":"2.9.99.5","matchCriteriaId":"D171AAB6-0A67-434A-BE96-1784027F8FEB"}]}]}],"references":[{"url":"https://www.joomlacontenteditor.net/","source":"security@joomla.org","tags":["Product"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48907","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-26236","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-09T05:16:34.453","lastModified":"2026-06-17T13:20:11.743","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.9.0 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"QuMagie","defaultStatus":"unaffected","versions":[{"version":"2.9.0","lessThan":"2.9.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:17:55.705995Z","id":"CVE-2026-26236","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*","versionEndExcluding":"2.9.0","matchCriteriaId":"B04C9EA2-D3DA-4201-9509-E5D601C7A184"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-35","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-32193","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:03.600","lastModified":"2026-06-17T20:56:43.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure Kubernetes Service","versions":[{"version":"1.0","lessThan":"v0.20260213.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:55:57.295079Z","id":"CVE-2026-32193","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-02-13.5","matchCriteriaId":"AA0B155F-C446-4639-8567-D821842EC1F8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32193","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40371","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:05.970","lastModified":"2026-06-17T14:53:33.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Dynamics 365 (on-premises) version 9.1","versions":[{"version":"9.0","lessThan":"9.1.0045.0011","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:56:01.123628Z","id":"CVE-2026-40371","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*","versionStartIncluding":"9.1","versionEndExcluding":"9.1.45.11","matchCriteriaId":"F717CDF4-FD7A-4170-AB31-26A5FCF7DD8C"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40371","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41098","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:06.793","lastModified":"2026-06-17T14:53:00.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure Stack Edge","versions":[{"version":"2.2.0","lessThan":"3.3.2604.3097","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T19:21:25.309262Z","id":"CVE-2026-41098","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_stack_edge:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.2604.3097","matchCriteriaId":"0639500B-7B26-4E4A-B3F2-20692F3B29DA"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41098","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42908","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:10.597","lastModified":"2026-06-17T14:52:36.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9234","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.8880","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7417","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7417","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 23H2","platforms":["ARM64-based Systems"],"versions":[{"version":"10.0.22631.0","lessThan":"10.0.22631.7219","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 23H2","platforms":["x64-based Systems"],"versions":[{"version":"10.0.22631.0","lessThan":"10.0.22631.7219","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8655","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8655","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows App Client for Windows Desktop","versions":[{"version":"1.00","lessThan":"2.0.1193.0","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26132","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26132","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23228","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23228","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9234","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9234","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.8880","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.8880","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5256","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.32995","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.32995","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:45:54.911655Z","id":"CVE-2026-42908","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_app:*:*:*:*:*:windows:*:*","versionEndExcluding":"2.0.1193.0","matchCriteriaId":"1E45C1A8-0420-4618-B0B7-47BF62308231"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9234","matchCriteriaId":"039BC4EF-6E49-4A8C-B1A4-BFAD9F24EC01"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9234","matchCriteriaId":"2221A0A5-45F3-4903-943A-19E7AA69496B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.8880","matchCriteriaId":"03A4C97D-FE89-4367-9A0E-E4E65BD49E18"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.8880","matchCriteriaId":"FE809AA0-E917-495F-BB11-59215F47E14F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7417","matchCriteriaId":"3E87DD4E-44FC-4B9A-99AB-D1DB3C67EF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7417","matchCriteriaId":"A21A9BC4-DE4F-46BE-944F-AD6CAA92BF32"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7417","matchCriteriaId":"911336E9-FAEA-4EB5-96D7-8049AE622C61"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7417","matchCriteriaId":"B8BB8399-35C5-4654-A679-5E105773615B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7417","matchCriteriaId":"55571EDC-8323-4BAE-B363-113ACEF55CB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7417","matchCriteriaId":"D14AC77E-34F3-4704-A068-D9020FF60A8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.22631.7219","matchCriteriaId":"92508776-88BE-4872-99DB-1F690F71ADEF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.22631.7219","matchCriteriaId":"410079AC-180E-4D7F-B7F6-784E36FEA036"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8655","matchCriteriaId":"32DB4863-6880-40B4-8EC1-9E0F40E81D7F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8655","matchCriteriaId":"E691C9E5-5271-436D-A7FD-C25BEA4D447D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8655","matchCriteriaId":"1D3DEE4A-9959-4716-BC39-35660AC22BC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8655","matchCriteriaId":"1000C085-A5D7-4027-B9C1-6AE7DA468FB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"9C7AD7ED-307B-40B9-B706-45FB178C36D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:*","versionEndExcluding":"10.0.14393.9234","matchCriteriaId":"EC82C3C4-FCA5-4883-9B14-F5CD18666182"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*","versionEndExcluding":"10.0.17763.8880","matchCriteriaId":"4722A8F2-4CA7-4893-940B-7484C47F5352"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:-:*:x64:*","versionEndExcluding":"10.0.20348.5256","matchCriteriaId":"CFA40C1D-0857-4B9A-92CB-5666E35062F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.32995","matchCriteriaId":"E127A6E6-C261-4039-8A13-A2FAC4606573"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42908","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45483","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:22.727","lastModified":"2026-06-17T21:50:07.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft SharePoint Enterprise Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5556.1005","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.10417.20153","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server Subscription Edition","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.19725.20384","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T14:03:39.803455Z","id":"CVE-2026-45483","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20384","matchCriteriaId":"78BDED5A-CE5F-4029-9A3E-B81B347388BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45483","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45491","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:25.567","lastModified":"2026-06-17T22:39:35.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":".NET 10.0","versions":[{"version":"10.0.0","lessThan":"10.0.9","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":".NET 8.0","versions":[{"version":"8.0","lessThan":"8.0.28","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":".NET 8.0","versions":[{"version":"8.0.0","lessThan":"8.0.28","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":".NET 9.0","versions":[{"version":"9.0.0","lessThan":"9.0.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T12:17:16.966103Z","id":"CVE-2026-45491","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.28","matchCriteriaId":"FEA10A10-D6B6-47D8-8F84-6923185D52B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.17","matchCriteriaId":"6291B6CC-A6A1-4136-924F-F482B4C76D3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.9","matchCriteriaId":"F2A53859-6BAF-4B73-845B-D5822D9D3C6A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.28","matchCriteriaId":"FEA10A10-D6B6-47D8-8F84-6923185D52B1"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45500","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:25.760","lastModified":"2026-06-17T19:19:55.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Exchange Server 2016 Cumulative Update 23","platforms":["x64-based Systems"],"versions":[{"version":"15.01.0.0","lessThan":"15.01.2507.069","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Exchange Server 2019 Cumulative Update 14","platforms":["x64-based Systems"],"versions":[{"version":"15.02.0.0","lessThan":"15.02.1544.041","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Exchange Server 2019 Cumulative Update 15","platforms":["x64-based Systems"],"versions":[{"version":"15.02.0.0","lessThan":"15.02.1748.046","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Exchange Server Subscription Edition RTM","platforms":["x64-based Systems"],"versions":[{"version":"15.02.0.0","lessThan":"15.02.2562.043","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T14:47:30.149691Z","id":"CVE-2026-45500","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*","matchCriteriaId":"FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*","matchCriteriaId":"8C98993B-82A5-48CC-947F-896CEA0CDB7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_15:*:*:*:*:*:*","matchCriteriaId":"7166BCE0-1D55-46B2-96B9-250AB4BB6291"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server_subscription_edition:*:*:*:*:*:*:*:*","versionEndExcluding":"15.02.2562.043","matchCriteriaId":"A4DB559B-001D-487D-8EA2-36F8AD7BAF51"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45500","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45583","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:26.440","lastModified":"2026-06-17T19:18:31.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Exchange Server 2016 Cumulative Update 23","platforms":["x64-based Systems"],"versions":[{"version":"15.01.0.0","lessThan":"15.01.2507.069","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Exchange Server 2019 Cumulative Update 14","platforms":["x64-based Systems"],"versions":[{"version":"15.02.0.0","lessThan":"15.02.1544.041","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Exchange Server 2019 Cumulative Update 15","platforms":["x64-based Systems"],"versions":[{"version":"15.02.0.0","lessThan":"15.02.1748.046","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Exchange Server Subscription Edition RTM","platforms":["x64-based Systems"],"versions":[{"version":"15.02.0.0","lessThan":"15.02.2562.043","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:56:06.048278Z","id":"CVE-2026-45583","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*","matchCriteriaId":"FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*","matchCriteriaId":"8C98993B-82A5-48CC-947F-896CEA0CDB7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_15:*:*:*:*:*:*","matchCriteriaId":"7166BCE0-1D55-46B2-96B9-250AB4BB6291"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server_subscription_edition:*:*:*:*:*:*:*:*","versionEndExcluding":"15.02.2562.043","matchCriteriaId":"A4DB559B-001D-487D-8EA2-36F8AD7BAF51"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45583","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47293","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:34.927","lastModified":"2026-06-17T21:59:15.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:56:39.788489Z","id":"CVE-2026-47293","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*","matchCriteriaId":"68F37A38-9BC3-43FD-8E71-4EED079156D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*","matchCriteriaId":"AFFA09D5-9992-462F-B52E-A1DDE2462064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"1D518075-3362-4D15-93B1-0E6C61518D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"1059BEC6-C30B-4F0F-A878-5267A21CBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"8887D177-26A3-4008-89B6-50A9E9830F13"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47293","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47643","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:36.270","lastModified":"2026-06-17T22:03:55.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure Stack Edge","versions":[{"version":"2.2.0","lessThan":"3.3.2604.3097","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T14:10:56.746465Z","id":"CVE-2026-47643","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-610"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_stack_edge:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.2604.3097","matchCriteriaId":"0639500B-7B26-4E4A-B3F2-20692F3B29DA"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50508","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:50.027","lastModified":"2026-06-17T22:07:34.963","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9234","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 22H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.22621.0","lessThan":"10.0.22631.7219","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26132","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26132","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23228","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23228","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9234","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9234","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5256","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server version 2004","platforms":["x64-based Systems"],"versions":[{"version":"10.0.0","lessThan":"10.0.19045.7417","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T18:02:47.315449Z","id":"CVE-2026-50508","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9234","matchCriteriaId":"039BC4EF-6E49-4A8C-B1A4-BFAD9F24EC01"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9234","matchCriteriaId":"2221A0A5-45F3-4903-943A-19E7AA69496B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.22631.7219","matchCriteriaId":"D9DFAB11-7CE0-4C82-8C71-5F5708402E29"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.22631.7219","matchCriteriaId":"4F21AC3F-4A21-4DAD-8CFC-5EB50DCA2393"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7417","matchCriteriaId":"89FB9FFB-5EC4-4CC3-904C-E338A5771DE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9234","matchCriteriaId":"B3F7E1F6-48D5-4ECB-9BF8-4238903FC194"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5256","matchCriteriaId":"27363D97-D4A9-4709-9854-F78F7EBCFB27"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50508","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11799","sourceIdentifier":"security@mozilla.org","published":"2026-06-09T21:17:03.410","lastModified":"2026-06-17T19:12:50.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Focus for iOS","versions":[{"version":"151.3.1","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Klar for iOS","versions":[{"version":"151.3.1","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:46:23.194997Z","id":"CVE-2026-11799","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:focus:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"151.3.1","matchCriteriaId":"8339EA66-FC5D-4D7A-B097-35FC7E18D41C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:klar:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"151.3.1","matchCriteriaId":"BFD1975B-15CE-4B6B-B4CF-2299E669F46C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1975667","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-55/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-62851","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T04:17:11.913","lastModified":"2026-06-17T13:19:15.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 1.9.56 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"License Center","defaultStatus":"unaffected","versions":[{"version":"1.9.0","lessThan":"1.9.56","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:55:47.995599Z","id":"CVE-2025-62851","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:license_center:*:*:*:*:*:*:*:*","versionStartIncluding":"1.9.36","versionEndExcluding":"1.9.56","matchCriteriaId":"B2483D14-61B9-4B4A-818F-4B2320659F69"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-35","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-22899","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T04:17:16.270","lastModified":"2026-06-17T13:20:09.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"File Station 5","defaultStatus":"unaffected","versions":[{"version":"5.5.0","lessThan":"5.5.6.5208","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:48:27.435909Z","id":"CVE-2026-22899","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.6.4691","versionEndExcluding":"5.5.6.5208","matchCriteriaId":"C0E422FA-4EF8-4714-AFAF-E7143DBFA2CE"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-10","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-24720","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T04:17:17.127","lastModified":"2026-06-17T13:20:11.053","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"File Station 5","defaultStatus":"unaffected","versions":[{"version":"5.5.0","lessThan":"5.5.6.5243","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:47:39.848867Z","id":"CVE-2026-24720","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.6.4691","versionEndExcluding":"5.5.6.5243","matchCriteriaId":"93B729A0-2E61-4873-9039-4EF08448BD6F"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-10","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-24724","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T04:17:17.253","lastModified":"2026-06-17T13:20:11.200","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"File Station 5","defaultStatus":"unaffected","versions":[{"version":"5.5.0","lessThan":"5.5.6.5243","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:09:18.305756Z","id":"CVE-2026-24724","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.6.4691","versionEndExcluding":"5.5.6.5243","matchCriteriaId":"93B729A0-2E61-4873-9039-4EF08448BD6F"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-10","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-26237","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T04:17:19.067","lastModified":"2026-06-17T13:20:11.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.9.0 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"QuMagie","defaultStatus":"unaffected","versions":[{"version":"2.9.0","lessThan":"2.9.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:25:18.868667Z","id":"CVE-2026-26237","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-359"},{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*","versionEndExcluding":"2.9.0","matchCriteriaId":"B04C9EA2-D3DA-4201-9509-E5D601C7A184"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-35","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-26239","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T04:17:21.290","lastModified":"2026-06-17T13:20:12.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"File Station 5","defaultStatus":"unaffected","versions":[{"version":"5.5.0","lessThan":"5.5.6.5208","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:10:18.381806Z","id":"CVE-2026-26239","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.6.4691","versionEndExcluding":"5.5.6.5208","matchCriteriaId":"C0E422FA-4EF8-4714-AFAF-E7143DBFA2CE"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-10","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-26240","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T05:16:38.987","lastModified":"2026-06-17T13:20:12.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"File Station 5","defaultStatus":"unaffected","versions":[{"version":"5.5.0","lessThan":"5.5.6.5243","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:03:16.075925Z","id":"CVE-2026-26240","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.6.4691","versionEndExcluding":"5.5.6.5243","matchCriteriaId":"93B729A0-2E61-4873-9039-4EF08448BD6F"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-10","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-26241","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2026-06-10T05:16:39.103","lastModified":"2026-06-17T13:20:12.333","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later"}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"QNAP Systems Inc.","product":"File Station 5","defaultStatus":"unaffected","versions":[{"version":"5.5.0","lessThan":"5.5.6.5243","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T15:06:36.049896Z","id":"CVE-2026-26241","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.6.4691","versionEndExcluding":"5.5.6.5243","matchCriteriaId":"93B729A0-2E61-4873-9039-4EF08448BD6F"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-10","source":"security@qnapsecurity.com.tw"}]}},{"cve":{"id":"CVE-2026-10846","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-06-10T07:16:24.443","lastModified":"2026-06-17T14:07:53.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"ldns","defaultStatus":"unaffected","versions":[{"version":"1.2.0","lessThan":"1.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T14:43:35.371858Z","id":"CVE-2026-10846","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:ldns:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"1.9.1","matchCriteriaId":"0BDEF1E6-EFC9-42D7-925C-550AFF61E2DF"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-10846.txt","source":"sep@nlnetlabs.nl","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/10/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53469","sourceIdentifier":"secalert@redhat.com","published":"2026-06-10T15:16:41.430","lastModified":"2026-06-17T14:09:32.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/kubev2v/migration-planner","packageName":"migration-planner","versions":[{"version":"0","lessThan":"0.13.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T14:48:42.775859Z","id":"CVE-2026-53469","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kebev2v:migration_assessment:*:*:*:*:*:*:*:*","versionEndExcluding":"0.13.5","matchCriteriaId":"D4EBB8F7-42D3-4F76-B018-C8922D387627"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-53469","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487065","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/kubev2v/migration-planner/pull/1227","source":"secalert@redhat.com","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53470","sourceIdentifier":"secalert@redhat.com","published":"2026-06-10T15:16:41.567","lastModified":"2026-06-17T14:28:59.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/kubev2v/migration-planner","packageName":"migration-planner","versions":[{"version":"0","lessThan":"0.13.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T14:43:23.885450Z","id":"CVE-2026-53470","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kebev2v:migration_assessment:*:*:*:*:*:*:*:*","versionEndExcluding":"0.13.5","matchCriteriaId":"D4EBB8F7-42D3-4F76-B018-C8922D387627"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-53470","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487069","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/kubev2v/migration-planner/pull/1218","source":"secalert@redhat.com","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53471","sourceIdentifier":"secalert@redhat.com","published":"2026-06-10T15:16:41.703","lastModified":"2026-06-17T14:45:23.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an authenticated attacker with a valid agent token to manipulate data across different tenants, leading to a complete collapse of tenant isolation. This could result in unauthorized overwriting of victim inventory, planting of malicious credential URLs, or corruption of migration assessments."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/kubev2v/migration-planner","packageName":"migration-planner","versions":[{"version":"0","lessThan":"0.13.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T16:02:11.706466Z","id":"CVE-2026-53471","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kebev2v:migration_assessment:*:*:*:*:*:*:*:*","versionEndExcluding":"0.13.5","matchCriteriaId":"D4EBB8F7-42D3-4F76-B018-C8922D387627"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-53471","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487070","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/kubev2v/migration-planner/pull/1213","source":"secalert@redhat.com","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-12013","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:53.823","lastModified":"2026-06-17T13:19:34.107","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Determined not a vulnerability"}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-47190","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T16:16:29.643","lastModified":"2026-06-17T14:47:13.983","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were compromised (e.g. via supply chain attack or container escape), an attacker could leverage these excessive permissions to read, modify, or delete Secrets in the namespace, potentially exposing credentials and other sensitive data. This issue has been patched in versions 1.11.7, 1.12.4, and 1.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"metal3-io","product":"ip-address-manager","versions":[{"version":"< 1.11.7","status":"affected"},{"version":"< 1.12.4","status":"affected"},{"version":"< 1.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-13T03:18:02.798663Z","id":"CVE-2026-47190","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-250"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metal3:ip-address-manager:*:*:*:*:*:*:*:*","versionStartIncluding":"1.11.0","versionEndExcluding":"1.11.7","matchCriteriaId":"17A1B2B9-82E2-46CF-AD10-E4FC92F7AA53"},{"vulnerable":true,"criteria":"cpe:2.3:a:metal3:ip-address-manager:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12.0","versionEndExcluding":"1.12.4","matchCriteriaId":"A1236AE2-DFF2-4BA8-93ED-4FF141ABDB71"},{"vulnerable":true,"criteria":"cpe:2.3:a:metal3:ip-address-manager:1.13.0:beta0:*:*:*:*:*:*","matchCriteriaId":"70F84CF0-52E5-4CE1-AB0E-F0D89186423E"},{"vulnerable":true,"criteria":"cpe:2.3:a:metal3:ip-address-manager:1.13.0:rc0:*:*:*:*:*:*","matchCriteriaId":"5ADBE108-926D-4851-84A3-784D5530F72C"}]}]}],"references":[{"url":"https://github.com/metal3-io/ip-address-manager/pull/1355","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/metal3-io/ip-address-manager/pull/1356","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/metal3-io/ip-address-manager/pull/1357","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/metal3-io/ip-address-manager/security/advisories/GHSA-49pm-43hf-6xfq","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3840","sourceIdentifier":"security@huntr.dev","published":"2026-06-12T17:16:22.603","lastModified":"2026-06-17T19:20:18.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and access files outside the expected path. The issue is also reachable through the CLI via the `--load-versions` parameter, as `_split_load_versions()` in `kedro/framework/cli/utils.py` does not validate the version string. This vulnerability can lead to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"kedro-org","product":"kedro-org/kedro","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T17:20:38.188127Z","id":"CVE-2026-3840","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:kedro:1.2.0:*:*:*:*:python:*:*","matchCriteriaId":"D914ECF7-0C7D-425A-884D-C4BC28E5DBAF"}]}]}],"references":[{"url":"https://huntr.com/bounties/156dead0-1ad5-487f-b7f5-84e707277f76","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/156dead0-1ad5-487f-b7f5-84e707277f76","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44169","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T18:16:33.713","lastModified":"2026-06-17T16:24:19.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MariaDB","product":"server","versions":[{"version":">= 11.4.1, < 11.4.11","status":"affected"},{"version":">= 11.8.1, < 11.8.7","status":"affected"},{"version":">= 12.3.1, < 12.3.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-13T03:24:33.051833Z","id":"CVE-2026-44169","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.1","versionEndExcluding":"11.4.11","matchCriteriaId":"DE5BBBEB-2714-4C1F-8662-23C932A72725"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"11.8.1","versionEndExcluding":"11.8.7","matchCriteriaId":"7C894B8F-EBFD-4835-8245-CDC7230CBC0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*","matchCriteriaId":"57DFA226-8D97-4A19-8A62-426042F5416D"}]}]}],"references":[{"url":"https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://jira.mariadb.org/browse/MDEV-39288","source":"security-advisories@github.com","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-44779","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:21.503","lastModified":"2026-06-17T14:52:31.263","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T18:05:00.992680Z","id":"CVE-2026-44779","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-x6mr-wjq6-495j","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44780","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:21.643","lastModified":"2026-06-17T18:56:03.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload[\"raw_email\"] for posts that arrived via incoming email. Category moderation group members reaching the review queue could therefore read the full inbound email source (headers, sender trace, MUA, body) without being in view_raw_email_allowed_groups — the trust boundary that gates the dedicated raw-email endpoint. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T18:49:07.860587Z","id":"CVE-2026-44780","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-h2jr-whpx-6w63","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44782","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:21.780","lastModified":"2026-06-17T18:55:58.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared include_user_long_name? as the predicate for its :name attribute, but AMS looks for include_name?. The misnamed predicate was never called, so object.user.name was always serialized regardless of SiteSetting.enable_names. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T13:03:32.668652Z","id":"CVE-2026-44782","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-h3mq-9r6w-h33j","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44783","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:21.917","lastModified":"2026-06-17T18:55:51.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic's staff-only whisper channel. The injected content is visible to whisperers (typically staff) alongside legitimate whispers. Only sites that have whispers enabled are affected. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T18:44:52.666793Z","id":"CVE-2026-44783","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-98ch-mgfj-wqpw","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44784","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:22.047","lastModified":"2026-06-17T18:50:24.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext via the group history log (/groups/:name/logs.json). Affected fields: email_password, email_username, smtp_server, smtp_port, smtp_ssl_mode. The most sensitive item is the SMTP password, which an owner could use to send mail as the group from outside Discourse. This impacts sites that have configured per-group SMTP credentials and granted group ownership to users who should not have access to those credentials. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-13T03:29:41.802605Z","id":"CVE-2026-44784","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-94c5-j24g-r99f","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44785","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:22.180","lastModified":"2026-06-17T18:47:00.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI \"explain\" helper only checks can_see? on the post being explained, not its reply_to_post, so any authenticated user with access to the AI helper could read the raw contents of a hidden parent post by invoking \"Explain\" on a reply to it. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T18:04:28.081326Z","id":"CVE-2026-44785","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-7h76-fwxc-j586","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44786","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:22.313","lastModified":"2026-06-17T18:46:46.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus subscriber without chat enabled could receive chat message payloads in real time. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T16:06:00.523976Z","id":"CVE-2026-44786","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-j7wq-rf5c-8783","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-45085","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:23.123","lastModified":"2026-06-17T18:46:25.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin (one also involving discourse-calendar): read-only category users could create chat threads, self-deleted chat messages could be restored by their author after channel access was revoked, moderators reviewing a flagged chat message were shown the channel's current last_message (often unrelated DM content), and calendar event payloads exposed the attached chat channel and its last message to viewers without chat access (including anonymous users). This affects sites with the chat plugin enabled; the calendar issue additionally requires discourse-calendar. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T18:45:55.268909Z","id":"CVE-2026-45085","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-rw8j-p2gv-q33w","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-45775","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:23.267","lastModified":"2026-06-17T18:41:42.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a multisite deployment to access backup files belonging to another site when backups are stored locally. In affected configurations, an admin on Site A could potentially retrieve sensitive backup data from Site B (same host, multisite) by crafting a backup download request with a traversal payload. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T13:04:00.026180Z","id":"CVE-2026-45775","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-5j6v-4x6g-9pg5","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47263","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:23.537","lastModified":"2026-06-17T18:41:27.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /web_hook_events/<id> in Jobs::RedeliverWebHookEvents did not pass group_ids, leaving the channel readable by any authenticated user (or anonymous user on instances where login_required is disabled). Webhook IDs are sequential integers and trivially enumerable. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T18:46:57.427436Z","id":"CVE-2026-47263","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-wvrm-9v64-m96p","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47264","sourceIdentifier":"security-advisories@github.com","published":"2026-06-12T21:16:23.680","lastModified":"2026-06-17T18:40:35.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#tag_group_names returned every tag group a tag belonged to without filtering against the requesting user's visibility. With SiteSetting.tags_listed_by_group enabled, anonymous and unprivileged users hitting TagsController#info (which is exempt from requires_login) could read the names of tag groups restricted to specific user groups or non-visible categories. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.4","status":"affected"},{"version":">= 2026.3.0-latest, < 2026.3.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-13T03:30:59.764046Z","id":"CVE-2026-47264","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.0","matchCriteriaId":"C4B2317D-D085-4564-8D41-AD4EBA6F61BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0","versionEndExcluding":"2026.1.4","matchCriteriaId":"E82B178E-8F1C-4AD6-A18A-649091C3BCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.3.0","versionEndExcluding":"2026.3.1","matchCriteriaId":"53A8996E-FEBF-43B0-92E6-38ECC9381013"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.4.0","versionEndExcluding":"2026.4.1","matchCriteriaId":"CD3531A1-E4CB-42E5-BEE0-80C443DBEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*","matchCriteriaId":"8AD4BB38-1D03-4ECD-BFAB-900D57689A31"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-4q5q-6hh6-53x2","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54421","sourceIdentifier":"cve@mitre.org","published":"2026-06-14T04:16:30.927","lastModified":"2026-06-17T13:20:51.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security issue."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","repo":"https://opendev.org/openstack/ironic","versions":[{"version":"17.0.0","lessThan":"29.0.6","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.2","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"35.0.2","versionType":"semver","status":"affected"},{"version":"36.0.0","lessThan":"37.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T17:11:47.109616Z","id":"CVE-2026-54421","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-212"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2155049","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-023.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/16/10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-20262","sourceIdentifier":"psirt@cisco.com","published":"2026-06-15T18:16:34.820","lastModified":"2026-06-17T13:20:04.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Catalyst SD-WAN Manager","defaultStatus":"unknown","versions":[{"version":"20.1.12","status":"affected"},{"version":"19.2.1","status":"affected"},{"version":"18.4.4","status":"affected"},{"version":"18.4.5","status":"affected"},{"version":"20.1.1.1","status":"affected"},{"version":"20.1.1","status":"affected"},{"version":"19.3.0","status":"affected"},{"version":"19.2.2","status":"affected"},{"version":"19.2.099","status":"affected"},{"version":"18.3.6","status":"affected"},{"version":"18.3.7","status":"affected"},{"version":"19.2.0","status":"affected"},{"version":"18.3.8","status":"affected"},{"version":"19.0.0","status":"affected"},{"version":"19.1.0","status":"affected"},{"version":"18.4.302","status":"affected"},{"version":"18.4.303","status":"affected"},{"version":"19.2.097","status":"affected"},{"version":"19.2.098","status":"affected"},{"version":"17.2.10","status":"affected"},{"version":"18.3.6.1","status":"affected"},{"version":"19.0.1a","status":"affected"},{"version":"18.2.0","status":"affected"},{"version":"18.4.3","status":"affected"},{"version":"18.4.1","status":"affected"},{"version":"17.2.8","status":"affected"},{"version":"18.3.3.1","status":"affected"},{"version":"18.4.0","status":"affected"},{"version":"18.3.1","status":"affected"},{"version":"17.2.6","status":"affected"},{"version":"17.2.9","status":"affected"},{"version":"18.3.4","status":"affected"},{"version":"17.2.5","status":"affected"},{"version":"18.3.1.1","status":"affected"},{"version":"18.3.5","status":"affected"},{"version":"18.4.0.1","status":"affected"},{"version":"18.3.3","status":"affected"},{"version":"17.2.7","status":"affected"},{"version":"17.2.4","status":"affected"},{"version":"18.3.0","status":"affected"},{"version":"19.2.3","status":"affected"},{"version":"18.4.501_ES","status":"affected"},{"version":"20.3.1","status":"affected"},{"version":"20.1.2","status":"affected"},{"version":"19.2.929","status":"affected"},{"version":"19.2.31","status":"affected"},{"version":"20.3.2","status":"affected"},{"version":"19.2.32","status":"affected"},{"version":"20.3.2_925","status":"affected"},{"version":"20.3.2.1","status":"affected"},{"version":"20.3.2.1_927","status":"affected"},{"version":"18.4.6","status":"affected"},{"version":"20.1.2_937","status":"affected"},{"version":"20.4.1","status":"affected"},{"version":"20.3.2_928","status":"affected"},{"version":"20.3.2_929","status":"affected"},{"version":"20.4.1.0.1","status":"affected"},{"version":"20.3.2.1_930","status":"affected"},{"version":"19.2.4","status":"affected"},{"version":"20.5.0.1.1","status":"affected"},{"version":"20.4.1.1","status":"affected"},{"version":"20.3.3","status":"affected"},{"version":"19.2.4.0.1","status":"affected"},{"version":"20.3.2_937","status":"affected"},{"version":"20.3.3.1","status":"affected"},{"version":"20.5.1","status":"affected"},{"version":"20.1.3","status":"affected"},{"version":"20.3.3.0.4","status":"affected"},{"version":"20.3.3.1.2","status":"affected"},{"version":"20.3.3.1.1","status":"affected"},{"version":"20.4.1.2","status":"affected"},{"version":"20.3.3.0.2","status":"affected"},{"version":"20.4.1.1.5","status":"affected"},{"version":"20.4.1.0.01","status":"affected"},{"version":"20.4.1.0.02","status":"affected"},{"version":"20.3.3.1.7","status":"affected"},{"version":"20.3.3.1.5","status":"affected"},{"version":"20.5.1.0.1","status":"affected"},{"version":"20.3.3.1.10","status":"affected"},{"version":"20.3.3.0.8","status":"affected"},{"version":"20.4.2","status":"affected"},{"version":"20.4.2.0.1","status":"affected"},{"version":"20.3.4","status":"affected"},{"version":"20.3.3.0.14","status":"affected"},{"version":"19.2.4.0.8","status":"affected"},{"version":"19.2.4.0.9","status":"affected"},{"version":"20.3.4.0.1","status":"affected"},{"version":"20.3.2.0.5","status":"affected"},{"version":"20.6.1","status":"affected"},{"version":"20.5.1.0.2","status":"affected"},{"version":"20.3.3.0.17","status":"affected"},{"version":"20.6.1.1","status":"affected"},{"version":"20.6.0.18.3","status":"affected"},{"version":"20.3.2.0.6","status":"affected"},{"version":"20.6.0.18.4","status":"affected"},{"version":"20.4.2.0.2","status":"affected"},{"version":"20.3.3.0.16","status":"affected"},{"version":"20.3.4.0.5","status":"affected"},{"version":"20.6.1.0.1","status":"affected"},{"version":"20.3.4.0.6","status":"affected"},{"version":"20.6.2","status":"affected"},{"version":"20.7.1EFT2","status":"affected"},{"version":"20.3.4.0.9","status":"affected"},{"version":"20.3.4.0.11","status":"affected"},{"version":"20.4.2.0.4","status":"affected"},{"version":"20.3.3.0.18","status":"affected"},{"version":"20.7.1","status":"affected"},{"version":"20.6.2.1","status":"affected"},{"version":"20.3.4.1","status":"affected"},{"version":"20.5.1.1","status":"affected"},{"version":"20.4.2.1","status":"affected"},{"version":"20.4.2.1.1","status":"affected"},{"version":"20.3.4.1.1","status":"affected"},{"version":"20.3.813","status":"affected"},{"version":"20.3.4.0.19","status":"affected"},{"version":"20.4.2.2.1","status":"affected"},{"version":"20.5.1.2","status":"affected"},{"version":"20.3.4.2","status":"affected"},{"version":"20.3.814","status":"affected"},{"version":"20.4.2.2","status":"affected"},{"version":"20.6.2.2","status":"affected"},{"version":"20.3.4.2.1","status":"affected"},{"version":"20.7.1.1","status":"affected"},{"version":"20.3.4.1.2","status":"affected"},{"version":"20.6.2.2.2","status":"affected"},{"version":"20.3.4.0.20","status":"affected"},{"version":"20.6.2.2.3","status":"affected"},{"version":"20.4.2.2.2","status":"affected"},{"version":"20.3.5","status":"affected"},{"version":"20.6.2.0.4","status":"affected"},{"version":"20.4.2.2.3","status":"affected"},{"version":"20.3.4.0.24","status":"affected"},{"version":"20.6.2.2.7","status":"affected"},{"version":"20.6.3","status":"affected"},{"version":"20.3.4.2.2","status":"affected"},{"version":"20.4.2.2.4","status":"affected"},{"version":"20.7.1.0.2","status":"affected"},{"version":"20.8.1","status":"affected"},{"version":"20.3.5.0.8","status":"affected"},{"version":"20.3.5.0.9","status":"affected"},{"version":"20.4.2.2.8","status":"affected"},{"version":"20.3.5.0.7","status":"affected"},{"version":"20.6.3.0.7","status":"affected"},{"version":"20.6.3.0.5","status":"affected"},{"version":"20.6.3.0.10","status":"affected"},{"version":"20.6.3.0.2","status":"affected"},{"version":"20.7.2","status":"affected"},{"version":"20.9.1EFT2","status":"affected"},{"version":"20.6.3.0.11","status":"affected"},{"version":"20.6.3.1","status":"affected"},{"version":"20.6.3.0.14","status":"affected"},{"version":"20.6.4","status":"affected"},{"version":"20.9.1","status":"affected"},{"version":"20.6.3.0.19","status":"affected"},{"version":"20.6.3.0.18","status":"affected"},{"version":"20.3.6","status":"affected"},{"version":"20.9.1.1","status":"affected"},{"version":"20.6.3.0.23","status":"affected"},{"version":"20.6.4.0.4","status":"affected"},{"version":"20.6.3.0.25","status":"affected"},{"version":"20.6.5","status":"affected"},{"version":"20.6.3.0.27","status":"affected"},{"version":"20.9.2","status":"affected"},{"version":"20.9.2.1","status":"affected"},{"version":"20.6.3.0.29","status":"affected"},{"version":"20.6.3.0.31","status":"affected"},{"version":"20.6.3.0.32","status":"affected"},{"version":"20.10.1","status":"affected"},{"version":"20.6.3.0.33","status":"affected"},{"version":"20.9.2.0.01","status":"affected"},{"version":"20.9.1_LI_Images","status":"affected"},{"version":"20.10.1_LI_Images","status":"affected"},{"version":"20.9.2_LI_Images","status":"affected"},{"version":"20.3.7","status":"affected"},{"version":"20.9.3","status":"affected"},{"version":"20.6.5.1","status":"affected"},{"version":"20.11.1","status":"affected"},{"version":"20.11.1_LI_Images","status":"affected"},{"version":"20.9.3_LI_ Images","status":"affected"},{"version":"20.6.3.1.1","status":"affected"},{"version":"20.9.3.0.2","status":"affected"},{"version":"20.6.5.1.2","status":"affected"},{"version":"20.9.3.0.3","status":"affected"},{"version":"20.4.2.3","status":"affected"},{"version":"20.6.3.2","status":"affected"},{"version":"20.6.4.1","status":"affected"},{"version":"20.6.3.0.38","status":"affected"},{"version":"20.6.3.0.39","status":"affected"},{"version":"20.3.5.1","status":"affected"},{"version":"20.3.4.3","status":"affected"},{"version":"20.9.3.1","status":"affected"},{"version":"20.3.3.2","status":"affected"},{"version":"20.6.5.2","status":"affected"},{"version":"20.3.7.1","status":"affected"},{"version":"20.10.1.1","status":"affected"},{"version":"20.6.5.2.1","status":"affected"},{"version":"20.3.4.0.25","status":"affected"},{"version":"20.6.2.2.4","status":"affected"},{"version":"20.6.1.2","status":"affected"},{"version":"20.11.1.1","status":"affected"},{"version":"20.9.3.0.5","status":"affected"},{"version":"20.3.4.0.26","status":"affected"},{"version":"20.6.5.1.3","status":"affected"},{"version":"20.6.3.0.40","status":"affected"},{"version":"20.1.3.1","status":"affected"},{"version":"20.9.2.2","status":"affected"},{"version":"20.6.5.2.3","status":"affected"},{"version":"20.6.5.1.4","status":"affected"},{"version":"20.6.5.3","status":"affected"},{"version":"20.6.3.0.41","status":"affected"},{"version":"20.9.3.0.7","status":"affected"},{"version":"20.6.5.1.5","status":"affected"},{"version":"20.9.3.0.4","status":"affected"},{"version":"20.6.4.0.19","status":"affected"},{"version":"20.6.5.1.6","status":"affected"},{"version":"20.9.3.0.8","status":"affected"},{"version":"20.6.3.3","status":"affected"},{"version":"20.3.7.2","status":"affected"},{"version":"20.6.5.4","status":"affected"},{"version":"20.6.5.1.7","status":"affected"},{"version":"20.9.3.0.12","status":"affected"},{"version":"20.6.4.2","status":"affected"},{"version":"20.6.5.5","status":"affected"},{"version":"20.9.3.2","status":"affected"},{"version":"20.11.1.2","status":"affected"},{"version":"20.6.3.4","status":"affected"},{"version":"20.10.1.2","status":"affected"},{"version":"20.6.5.1.9","status":"affected"},{"version":"20.9.3.0.16","status":"affected"},{"version":"20.6.3.0.45","status":"affected"},{"version":"20.6.5.1.10","status":"affected"},{"version":"20.9.3.0.17","status":"affected"},{"version":"20.6.5.2.4","status":"affected"},{"version":"20.6.4.0.21","status":"affected"},{"version":"20.9.3.0.18","status":"affected"},{"version":"20.6.3.0.46","status":"affected"},{"version":"20.6.3.0.47","status":"affected"},{"version":"20.9.2.3","status":"affected"},{"version":"20.9.3.2_LI_Images","status":"affected"},{"version":"20.9.3.0.21","status":"affected"},{"version":"20.9.3.0.20","status":"affected"},{"version":"20.9.4_LI_Images","status":"affected"},{"version":"20.9.4","status":"affected"},{"version":"20.6.5.1.11","status":"affected"},{"version":"20.12.1","status":"affected"},{"version":"20.12.1_LI_Images","status":"affected"},{"version":"20.6.5.1.13","status":"affected"},{"version":"20.9.3.0.23","status":"affected"},{"version":"20.6.5.2.8","status":"affected"},{"version":"20.9.4.1","status":"affected"},{"version":"20.9.4.1_LI_Images","status":"affected"},{"version":"20.9.3.0.25","status":"affected"},{"version":"20.9.3.0.24","status":"affected"},{"version":"20.6.5.1.14","status":"affected"},{"version":"20.3.8","status":"affected"},{"version":"20.6.6","status":"affected"},{"version":"20.9.3.0.26","status":"affected"},{"version":"20.6.3.0.51","status":"affected"},{"version":"20.9.3.0.29","status":"affected"},{"version":"20.12.2","status":"affected"},{"version":"20.12.2_LI_Images","status":"affected"},{"version":"20.6.6.0.1","status":"affected"},{"version":"20.13.1_LI_Images","status":"affected"},{"version":"20.9.4.0.4","status":"affected"},{"version":"20.13.1","status":"affected"},{"version":"20.9.4.1.1","status":"affected"},{"version":"20.9.5","status":"affected"},{"version":"20.9.5_LI_Images","status":"affected"},{"version":"20.12.3_LI_Images","status":"affected"},{"version":"20.12.3","status":"affected"},{"version":"20.9.4.1.3","status":"affected"},{"version":"20.6.7","status":"affected"},{"version":"20.9.5.1","status":"affected"},{"version":"20.9.5.1_LI_Images","status":"affected"},{"version":"20.9.4.1.6","status":"affected"},{"version":"20.14.1","status":"affected"},{"version":"20.14.1_LI_Images","status":"affected"},{"version":"20.9.5.2","status":"affected"},{"version":"20.9.5.2.1","status":"affected"},{"version":"20.9.5.2_LI_Images","status":"affected"},{"version":"20.12.3.1","status":"affected"},{"version":"20.12.4","status":"affected"},{"version":"20.15.1_LI_Images","status":"affected"},{"version":"20.15.1","status":"affected"},{"version":"20.9.5.1.4","status":"affected"},{"version":"20.9.5.2.7","status":"affected"},{"version":"20.9.5.2.13","status":"affected"},{"version":"20.9.6","status":"affected"},{"version":"20.9.6_LI_Images","status":"affected"},{"version":"20.9.5.2.14","status":"affected"},{"version":"20.6.8","status":"affected"},{"version":"20.12.4.0.03","status":"affected"},{"version":"20.16.1","status":"affected"},{"version":"20.16.1_LI_Images","status":"affected"},{"version":"20.12.4_LI_Images","status":"affected"},{"version":"20.9.5.2.16","status":"affected"},{"version":"20.12.4.0.4","status":"affected"},{"version":"20.12.401","status":"affected"},{"version":"20.9.5.3","status":"affected"},{"version":"20.9.5.3_LI_Images","status":"affected"},{"version":"20.12.4.1_LI_Images","status":"affected"},{"version":"20.12.4.1","status":"affected"},{"version":"20.9.5.2.21","status":"affected"},{"version":"20.9.6.0.3","status":"affected"},{"version":"20.12.4.0.6","status":"affected"},{"version":"20.15.2_LI_Images","status":"affected"},{"version":"20.15.2","status":"affected"},{"version":"20.12.4_Monthly_ES5","status":"affected"},{"version":"20.12.5","status":"affected"},{"version":"20.12.5_LI_Images","status":"affected"},{"version":"20.9.7_LI _Images","status":"affected"},{"version":"20.9.7","status":"affected"},{"version":"20.15.3","status":"affected"},{"version":"20.15.3_ LI _Images","status":"affected"},{"version":"20.12.501","status":"affected"},{"version":"20.12.5.1_LI_Images","status":"affected"},{"version":"20.12.5.1","status":"affected"},{"version":"20.12.5.2_LI_Images","status":"affected"},{"version":"20.12.5.2","status":"affected"},{"version":"20.15.3.1","status":"affected"},{"version":"20.15.4_LI_Images","status":"affected"},{"version":"20.15.4","status":"affected"},{"version":"20.9.7.1_LI _Images","status":"affected"},{"version":"20.9.7.1","status":"affected"},{"version":"20.18.1","status":"affected"},{"version":"20.18.1_LI_Images","status":"affected"},{"version":"20.12.6_LI_Images","status":"affected"},{"version":"20.12.6","status":"affected"},{"version":"20.12.5.1.01","status":"affected"},{"version":"26.0.1","status":"affected"},{"version":"20.9.8","status":"affected"},{"version":"20.9.8_LI_Images","status":"affected"},{"version":"20.18.2","status":"affected"},{"version":"20.15.4.1_LI_Images","status":"affected"},{"version":"20.15.4.1","status":"affected"},{"version":"20.18.2_LI_Images","status":"affected"},{"version":"26.1.1","status":"affected"},{"version":"26.1.1_LI_Images","status":"affected"},{"version":"20.18.2.1_LI_Images","status":"affected"},{"version":"20.18.2.1","status":"affected"},{"version":"20.15.4.2_LI_Images","status":"affected"},{"version":"20.15.4.2","status":"affected"},{"version":"20.12.6.1","status":"affected"},{"version":"20.12.6.1_LI_Images","status":"affected"},{"version":"20.12.5.3","status":"affected"},{"version":"20.12.5.3_LI_Images","status":"affected"},{"version":"20.9.8.2_LI_Images","status":"affected"},{"version":"20.9.8.2","status":"affected"},{"version":"20.18.3","status":"affected"},{"version":"20.18.3_LI_Images","status":"affected"},{"version":"20.15.5","status":"affected"},{"version":"20.15.5_LI_Images","status":"affected"},{"version":"20.12.7","status":"affected"},{"version":"20.12.7_LI_Images","status":"affected"},{"version":"20.9.9","status":"affected"},{"version":"20.9.9_LI_Images","status":"affected"},{"version":"20.18.2.2","status":"affected"},{"version":"20.18.2.2_LI_Images","status":"affected"},{"version":"20.12.5.4","status":"affected"},{"version":"20.12.5.4_LI_ Images","status":"affected"},{"version":"20.12.7.1_LI_Images","status":"affected"},{"version":"20.12.6.2_LI_Images","status":"affected"},{"version":"20.12.7.1","status":"affected"},{"version":"20.15.5.1","status":"affected"},{"version":"20.15.4.3","status":"affected"},{"version":"20.15.4.3_LI_Images","status":"affected"},{"version":"20.15.5.1_LI_Images","status":"affected"},{"version":"20.12.6.2","status":"affected"},{"version":"20.15.5.2","status":"affected"},{"version":"20.15.5.2_LI_Images","status":"affected"},{"version":"26.1.1.1_LI_Images","status":"affected"},{"version":"20.15.4.4","status":"affected"},{"version":"20.15.4.4_LI_Images","status":"affected"},{"version":"26.1.1.1","status":"affected"},{"version":"20.9.9.1_LI_Images","status":"affected"},{"version":"20.9.9.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T00:00:00+00:00","id":"CVE-2026-20262","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-06-15","cisaActionDue":"2026-06-29","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability","weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9.9.2","matchCriteriaId":"FF1A1919-D28E-4742-BB03-D3F215A0274D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.10","versionEndExcluding":"20.12.7.2","matchCriteriaId":"07958878-5A93-4EE9-91C8-C8271A40CF09"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.13","versionEndExcluding":"20.15.4.5","matchCriteriaId":"8834BCEE-821C-4ADD-903E-F285D862F8A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.15.5","versionEndExcluding":"20.15.5.3","matchCriteriaId":"931728D6-C3F9-4305-84A5-F3910B4D0A24"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"20.16","versionEndExcluding":"20.18.3.1","matchCriteriaId":"65C69D4B-69CF-4001-82EB-10B12BF4A5EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"26.1","versionEndExcluding":"26.1.1.2","matchCriteriaId":"5BB1F997-DD81-45C8-B9FE-208A06259D72"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20262","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2025-55652","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:24.137","lastModified":"2026-06-17T16:36:03.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T20:18:11.945221Z","id":"CVE-2025-55652","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndExcluding":"26.02.0","matchCriteriaId":"513BC555-5B1C-4AD7-9365-6F9CABA82F35"}]}]}],"references":[{"url":"https://infosec.exchange/@sigdevel/116736829161374790","source":"cve@mitre.org","tags":["Exploit","Mitigation","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/13/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-55660","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:24.250","lastModified":"2026-06-17T16:35:53.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T20:19:58.236012Z","id":"CVE-2025-55660","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndExcluding":"26.02.0","matchCriteriaId":"513BC555-5B1C-4AD7-9365-6F9CABA82F35"}]}]}],"references":[{"url":"https://infosec.exchange/@sigdevel/116733892068649310","source":"cve@mitre.org","tags":["Exploit","Mitigation","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/13/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-55661","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:24.360","lastModified":"2026-06-17T16:35:49.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T20:20:41.248198Z","id":"CVE-2025-55661","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndExcluding":"26.02.0","matchCriteriaId":"513BC555-5B1C-4AD7-9365-6F9CABA82F35"}]}]}],"references":[{"url":"https://infosec.exchange/@sigdevel/116733907390103029","source":"cve@mitre.org","tags":["Exploit","Mitigation","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/13/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-55663","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:24.477","lastModified":"2026-06-17T16:35:44.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T20:21:54.218929Z","id":"CVE-2025-55663","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndExcluding":"26.02.0","matchCriteriaId":"513BC555-5B1C-4AD7-9365-6F9CABA82F35"}]}]}],"references":[{"url":"https://infosec.exchange/@sigdevel/116733899601128471","source":"cve@mitre.org","tags":["Exploit","Mitigation","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/13/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-30120","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:25.457","lastModified":"2026-06-17T16:33:42.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T13:11:45.666550Z","id":"CVE-2026-30120","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:remotion:remotion:4.0.409:*:*:*:*:*:*:*","matchCriteriaId":"63D78AFA-CAE2-40BF-ABFB-D31E508C3488"}]}]}],"references":[{"url":"https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30120.md","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-30121","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:25.570","lastModified":"2026-06-17T16:10:58.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T13:13:05.926678Z","id":"CVE-2026-30121","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-123"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:remotion:remotion:4.0.409:*:*:*:*:*:*:*","matchCriteriaId":"63D78AFA-CAE2-40BF-ABFB-D31E508C3488"}]}]}],"references":[{"url":"https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30121.md","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-41708","sourceIdentifier":"security@vmware.com","published":"2026-06-15T20:16:27.940","lastModified":"2026-06-17T16:28:17.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.\n\nAffected versions:\nSpring Cloud Sleuth 3.1.0 through 3.1.13."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Cloud Sleuth","defaultStatus":"unaffected","versions":[{"version":"3.1.0","lessThan":"3.1.14","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T20:06:15.787096Z","id":"CVE-2026-41708","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_cloud_sleuth:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.14","matchCriteriaId":"A0A05198-3BD0-4512-A353-F1E0020CFA42"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41708","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45389","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:28.470","lastModified":"2026-06-17T17:17:00.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:52:31.205069Z","id":"CVE-2026-45389","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://osv.dev/vulnerability/OSEC-2026-07","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47835","sourceIdentifier":"security@vmware.com","published":"2026-06-15T20:16:28.840","lastModified":"2026-06-17T16:30:50.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.\n\nAffected versions:\nSpring AI 1.0.0 through 1.0.x (fix 1.0.9).\nSpring AI 1.1.0 through 1.1.x (fix 1.1.8)."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring AI","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"1.0.9","versionType":"custom","status":"affected"},{"version":"1.1.0","lessThan":"1.1.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T20:06:42.477274Z","id":"CVE-2026-47835","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.9","matchCriteriaId":"AC2214CE-3686-4C4D-BC88-22B2310E313E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.8","matchCriteriaId":"B4EBF30F-ADE0-47D0-A20D-0F917EEC16C7"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-47835","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50889","sourceIdentifier":"cve@mitre.org","published":"2026-06-15T20:16:31.897","lastModified":"2026-06-17T16:44:07.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:05:50.448585Z","id":"CVE-2026-50889","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lldap:lldap:0.6.2:*:*:*:*:*:*:*","matchCriteriaId":"CB4B3E96-C204-456A-8912-6B2A129A0FFF"}]}]}],"references":[{"url":"https://gist.github.com/pyuysig/41937c47514ff63d66a3be98ab8e8a7d","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://gist.github.com/pyuysig/41937c47514ff63d66a3be98ab8e8a7d","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47261","sourceIdentifier":"security-advisories@github.com","published":"2026-06-15T21:17:11.153","lastModified":"2026-06-17T16:42:08.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause is that the clause handling OpenFlags::TRUNCATE in crates/wasi/src/filesystem.rs (Dir::open_at, lines 967–969) did not set open_mode |= OpenMode::WRITE;, which is later used for the access control check against FilePerms to determine whether opening the file is permitted; the single-line fix adds that missing assignment, after which the affected calls correctly fail with error-code.not-permitted and ERRNO_PERM respectively. Only wasmtime-wasi embeddings that combine DirPerms::MUTATE with FilePerms::READ are affected by this bug. In particular, the Wasmtime project's wasmtime-cli's use of wasmtime-wasi is not affected, because it always sets FilePerms::all() for all preopens. This issue has been fixed in versions 24.0.9, 36.0.10 and44.0.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bytecodealliance","product":"wasmtime","versions":[{"version":">= 37.0.0, < 44.0.2","status":"affected"},{"version":">= 25.0.0, < 36.0.10","status":"affected"},{"version":"< 24.0.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T12:45:55.792446Z","id":"CVE-2026-47261","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:*:*","versionEndExcluding":"24.0.9","matchCriteriaId":"E199A623-C250-4390-88C5-3D3567BE2A3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:*:*","versionStartIncluding":"25.0.0","versionEndExcluding":"36.0.10","matchCriteriaId":"C92872A6-C672-43D5-98AB-BB9E5A9D10A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:*:*","versionStartIncluding":"37.0.0","versionEndExcluding":"44.0.2","matchCriteriaId":"31F391A3-BB50-4827-A6F3-59175BBEB1FD"}]}]}],"references":[{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.9","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.10","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v44.0.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48017","sourceIdentifier":"security-advisories@github.com","published":"2026-06-15T22:16:16.937","lastModified":"2026-06-17T13:20:42.147","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can inject arbitrary JavaScript code that executes on the server with full process privileges, bypassing the require=null sandbox restriction. An authenticated user with basic access (no admin role, no run-shell-script permission required) can: execute arbitrary OS commands on the DbGate server with the privileges of the Node.js process, read/write any file accessible to the process, pivot to connected databases by reading connection credentials from DbGate's storage, and compromise the host system - in Docker deployments, this typically means root access within the container."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dbgate","product":"dbgate","versions":[{"version":"< 7.1.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-48017","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/dbgate/dbgate/releases/tag/v7.1.9","source":"security-advisories@github.com"},{"url":"https://github.com/dbgate/dbgate/security/advisories/GHSA-hv83-ggc4-v385","source":"security-advisories@github.com"},{"url":"https://github.com/dbgate/dbgate/security/advisories/GHSA-hv83-ggc4-v385","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48713","sourceIdentifier":"security-advisories@github.com","published":"2026-06-15T22:16:17.397","lastModified":"2026-06-17T16:39:45.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input). Backend.writeFile() splits each queued missing-key string on the configured keySeparator (default .) before calling the internal setPath() walker. The walker (getLastOfPath in lib/utils.js) did not guard against unsafe segments, so a key like \"__proto__.polluted\" was split into [\"__proto__\", \"polluted\"] and walked straight into Object.prototype, allowing an attacker to write arbitrary properties onto the global object prototype. Depending on the host application, polluted prototype properties may cause crashes, corrupted translation behaviour, configuration poisoning, or bypasses of property-based security checks. Applications are affected only if the missingKeyHandler (or another route that forwards untrusted request bodies to i18next.t(..., { ... }) with saveMissing: true) is reachable by untrusted users and the default behaviour of splitting missing-key strings on keySeparator is in use (i.e. keySeparator is not false). Apps that do not expose missing-key persistence to untrusted input are not directly affected through this attack path. This issue has been fixed in version 2.6.6. If developers using the library are unable to upgrade immediately, they should take the following precautions: do not expose i18next-http-middleware's missingKeyHandler to untrusted users (mount it behind authentication, or remove the route), disable missing-key persistence (saveMissing: false, or no backend.create implementation) when accepting writes from untrusted input, and set keySeparator: false in their i18next options to disable backend key splitting (note: this also disables nested translation keys)."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"i18next","product":"i18next-fs-backend","versions":[{"version":"< 2.6.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T12:49:11.525388Z","id":"CVE-2026-48713","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:i18next:i18next-fs-backend:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.6.6","matchCriteriaId":"231766DC-5AE8-42B2-886B-3536F229B128"}]}]}],"references":[{"url":"https://github.com/i18next/i18next-fs-backend/commit/3ab0448087da6935a40117f904b7457281f963f4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-2933-q333-qg83","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12302","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:30.460","lastModified":"2026-06-17T15:57:58.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"115.37","lessThanOrEqual":"115.*","versionType":"rpm","status":"unaffected"},{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T17:30:14.187035Z","id":"CVE-2026-12302","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"8FD731FB-146D-4A0A-83A3-63D926F4E653"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"767E6445-0CE7-46B5-A02B-EC06D37E45F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034489","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-59/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-61/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12304","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:30.643","lastModified":"2026-06-17T15:12:45.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:50:40.397101Z","id":"CVE-2026-12304","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"8FD731FB-146D-4A0A-83A3-63D926F4E653"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"767E6445-0CE7-46B5-A02B-EC06D37E45F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2034944","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-61/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12315","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:32.147","lastModified":"2026-06-17T15:59:59.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:26:06.778047Z","id":"CVE-2026-12315","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"8FD731FB-146D-4A0A-83A3-63D926F4E653"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"767E6445-0CE7-46B5-A02B-EC06D37E45F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2042058","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-61/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12316","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:32.257","lastModified":"2026-06-17T16:17:30.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:24:37.486383Z","id":"CVE-2026-12316","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2045496","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12318","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:32.463","lastModified":"2026-06-17T14:26:49.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:04:22.429929Z","id":"CVE-2026-12318","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023478","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12324","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:33.153","lastModified":"2026-06-17T15:59:20.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T16:11:28.026841Z","id":"CVE-2026-12324","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-703"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"8FD731FB-146D-4A0A-83A3-63D926F4E653"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.12.0","matchCriteriaId":"767E6445-0CE7-46B5-A02B-EC06D37E45F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2038444","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-61/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12325","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:33.267","lastModified":"2026-06-17T18:32:34.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"115.37","lessThanOrEqual":"115.*","versionType":"rpm","status":"unaffected"},{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T14:44:54.039699Z","id":"CVE-2026-12325","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.37.0","matchCriteriaId":"60E86F4A-420C-4F69-8081-79D1F64411C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.12.0","matchCriteriaId":"E539846C-B1B9-41D9-A589-F46AEF0BFCD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.12.0","matchCriteriaId":"8CDF58C2-CD62-4DAB-9B1C-B48CE10FB31C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2039443","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-59/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-61/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12327","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:33.473","lastModified":"2026-06-17T16:15:54.757","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"140.12","lessThanOrEqual":"140.*","versionType":"rpm","status":"unaffected"},{"version":"152","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T03:55:51.877514Z","id":"CVE-2026-12327","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.37.0","matchCriteriaId":"60E86F4A-420C-4F69-8081-79D1F64411C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"26C07C15-4B40-4068-A2F1-BE3E597D14B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.12.0","matchCriteriaId":"E539846C-B1B9-41D9-A589-F46AEF0BFCD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"152.0.0","matchCriteriaId":"77D88ED0-AABD-4312-98B8-3D4B70226577"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.12.0","matchCriteriaId":"8CDF58C2-CD62-4DAB-9B1C-B48CE10FB31C"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2011842%2C2023902%2C2025512%2C2027312%2C2029444%2C2036571%2C2036900%2C2036936%2C2037995%2C2038551%2C2040717%2C2042724","source":"security@mozilla.org","tags":["Broken Link"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-57/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-58/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-60/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-61/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53899","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:37.420","lastModified":"2026-06-17T16:36:48.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox for iOS","versions":[{"version":"152.0","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:44:07.462912Z","id":"CVE-2026-53899","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox_mobile:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"152.0","matchCriteriaId":"2E49CF28-1415-4163-B986-E0A26CDB2864"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2042909","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-56/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53900","sourceIdentifier":"security@mozilla.org","published":"2026-06-16T13:16:37.517","lastModified":"2026-06-17T16:31:19.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox for iOS","versions":[{"version":"152.0","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T14:37:25.312079Z","id":"CVE-2026-53900","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox_mobile:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"152.0","matchCriteriaId":"2E49CF28-1415-4163-B986-E0A26CDB2864"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2043204","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-56/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-22447","sourceIdentifier":"security_alert@emc.com","published":"2026-06-16T15:16:31.633","lastModified":"2026-06-17T18:37:18.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Peripheral Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.7.3 or later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2024-22447","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:peripheral_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.3","matchCriteriaId":"A79FB173-4806-46BD-B127-AD74F7DC8373"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000221413/dsa-2024-055-security-update-for-dell-peripheral-manager-uncontrolled-search-path-element-vulnerabilities?lang=en","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48780","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T15:16:41.640","lastModified":"2026-06-17T14:17:56.423","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of `a2ab6d4`. As a workaround, some SMTP servers and email delivery providers may drop or refuse to send maliciously crafted email addresses."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"forem","product":"forem","versions":[{"version":"< a2ab6d4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:49:19.212215Z","id":"CVE-2026-48780","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/forem/forem/commit/a2ab6d409d2676eb0711ecbd737192043125b437","source":"security-advisories@github.com"},{"url":"https://github.com/forem/forem/security/advisories/GHSA-3g4h-9h37-mpx6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2024-24909","sourceIdentifier":"security_alert@emc.com","published":"2026-06-16T17:16:28.303","lastModified":"2026-06-17T13:19:11.130","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"OpenManage","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T03:55:56.359410Z","id":"CVE-2024-24909","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000222075/dsa-2024-084-security-update-for-dell-openmanage-integration-with-microsoft-windows-admin-center?lang=en","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-24155","sourceIdentifier":"psirt@nvidia.com","published":"2026-06-16T17:16:39.440","lastModified":"2026-06-17T13:20:10.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}],"affected":[{"source":"psirt@nvidia.com","affectedData":[{"vendor":"NVIDIA","product":"NeMo Framework","defaultStatus":"unaffected","platforms":["All platforms"],"versions":[{"version":"Versions 0.0 to 2.7.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-24155","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.3","matchCriteriaId":"84801C7C-6EF0-42DB-A099-EFDB62A7895D"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24155","source":"psirt@nvidia.com","tags":["US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5839","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24155","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24228","sourceIdentifier":"psirt@nvidia.com","published":"2026-06-16T17:16:39.590","lastModified":"2026-06-17T13:20:10.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."}],"affected":[{"source":"psirt@nvidia.com","affectedData":[{"vendor":"NVIDIA","product":"NeMo Framework","defaultStatus":"unaffected","platforms":["All platforms"],"versions":[{"version":"Versions 0.0 to 2.7.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@nvidia.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-24228","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@nvidia.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.3","matchCriteriaId":"84801C7C-6EF0-42DB-A099-EFDB62A7895D"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24228","source":"psirt@nvidia.com","tags":["US Government Resource"]},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5839","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24228","source":"psirt@nvidia.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-10748","sourceIdentifier":"103e4ec9-0a87-450b-af77-479448ddef11","published":"2026-06-16T19:16:30.607","lastModified":"2026-06-17T13:19:32.280","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0."}],"affected":[{"source":"103e4ec9-0a87-450b-af77-479448ddef11","affectedData":[{"vendor":"Sonatype","product":"Nexus Repository","defaultStatus":"unaffected","cpes":["cpe:2.3:a:sonatype:nexus_repository_manager:3.0.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.0.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.0.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.15.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.15.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.15.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.16.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.16.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.16.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.17.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.18.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.18.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.19.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.19.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.20.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.20.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.21.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.21.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.21.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.22.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.4:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.5:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.73.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.74.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.75.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.75.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.76.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.76.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.77.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.78.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.78.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.79.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.80.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.81.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.82.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.83.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.83.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.83.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.84.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.84.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.84.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.85.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.85.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.86.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.86.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.86.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.87.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.87.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.87.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.88.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.89.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.89.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.91.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.91.1:*:*:*:*:*:*:*"],"versions":[{"version":"3.0.0","lessThan":"3.92.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"103e4ec9-0a87-450b-af77-479448ddef11","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-10748","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"103e4ec9-0a87-450b-af77-479448ddef11","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://help.sonatype.com/en/sonatype-nexus-repository-3-92-0-release-notes.html","source":"103e4ec9-0a87-450b-af77-479448ddef11"},{"url":"https://support.sonatype.com/hc/en-us/articles/52335766035603","source":"103e4ec9-0a87-450b-af77-479448ddef11"}]}},{"cve":{"id":"CVE-2026-53840","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:00.863","lastModified":"2026-06-17T20:31:29.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate sensitive headers like API keys or tenant-routing credentials to attacker-controlled origins."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.12","versionType":"semver","status":"affected"},{"version":"2026.5.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:51:04.567634Z","id":"CVE-2026-53840","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.12","matchCriteriaId":"DE7E74F5-925B-4DC3-AFAF-9C0CAD4AADE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta1:*:*:*:node.js:*:*","matchCriteriaId":"B2F3E79D-C148-461C-9C28-9CAC44DA9C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta2:*:*:*:node.js:*:*","matchCriteriaId":"707AED9D-DA43-49D7-B7F4-59A191E84F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta3:*:*:*:node.js:*:*","matchCriteriaId":"0A703002-3775-4DD0-AA4A-14A80C966009"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta4:*:*:*:node.js:*:*","matchCriteriaId":"A4100ECD-456B-46C7-89A5-ECB2AF5ACAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta5:*:*:*:node.js:*:*","matchCriteriaId":"49121842-6A84-4C19-8465-A93C67B2FB32"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta6:*:*:*:node.js:*:*","matchCriteriaId":"18698933-5F61-484F-88EB-D14A0C684FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta7:*:*:*:node.js:*:*","matchCriteriaId":"471D48FA-A3F4-4DC0-A46D-16FBAAB9A3BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta8:*:*:*:node.js:*:*","matchCriteriaId":"2543F40A-7360-496F-9F12-38D9B9B9291A"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-rjxq-qqhf-8hwh","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-custom-header-leakage-via-mcp-streamable-http-cross-origin-redirects","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53841","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:00.993","lastModified":"2026-06-17T21:03:43.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.12","versionType":"semver","status":"affected"},{"version":"2026.5.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:48:23.605311Z","id":"CVE-2026-53841","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-83"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.12","matchCriteriaId":"DE7E74F5-925B-4DC3-AFAF-9C0CAD4AADE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta1:*:*:*:node.js:*:*","matchCriteriaId":"B2F3E79D-C148-461C-9C28-9CAC44DA9C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta2:*:*:*:node.js:*:*","matchCriteriaId":"707AED9D-DA43-49D7-B7F4-59A191E84F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta3:*:*:*:node.js:*:*","matchCriteriaId":"0A703002-3775-4DD0-AA4A-14A80C966009"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta4:*:*:*:node.js:*:*","matchCriteriaId":"A4100ECD-456B-46C7-89A5-ECB2AF5ACAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta5:*:*:*:node.js:*:*","matchCriteriaId":"49121842-6A84-4C19-8465-A93C67B2FB32"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta6:*:*:*:node.js:*:*","matchCriteriaId":"18698933-5F61-484F-88EB-D14A0C684FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta7:*:*:*:node.js:*:*","matchCriteriaId":"471D48FA-A3F4-4DC0-A46D-16FBAAB9A3BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta8:*:*:*:node.js:*:*","matchCriteriaId":"2543F40A-7360-496F-9F12-38D9B9B9291A"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-cross-site-scripting-via-unsafe-markdown-links-in-exported-session-html","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53844","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:01.390","lastModified":"2026-06-17T20:30:39.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.4.29","versionType":"semver","status":"affected"},{"version":"2026.4.29","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:38:49.770928Z","id":"CVE-2026-53844","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.4.29","matchCriteriaId":"FD093CBC-6B1F-481A-B12D-0E06B0F4FF8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.29:beta1:*:*:*:node.js:*:*","matchCriteriaId":"06F1B1BC-A38C-40D2-A66F-BFF44FCA096E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.29:beta2:*:*:*:node.js:*:*","matchCriteriaId":"5253E817-4E8F-4936-B94E-432908CEF8CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.29:beta3:*:*:*:node.js:*:*","matchCriteriaId":"1969F355-06D5-4313-86C7-DD91EE58F7BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.29:beta4:*:*:*:node.js:*:*","matchCriteriaId":"A5AC7CB7-6639-4F11-8A81-3A35D334C762"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-session-visibility-check-bypass-in-shared-memory-search","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53845","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:01.520","lastModified":"2026-06-17T20:30:25.143","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy enforcement mechanisms."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.6","versionType":"semver","status":"affected"},{"version":"2026.5.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:51:06.938268Z","id":"CVE-2026-53845","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.6","matchCriteriaId":"1F8F3EF6-6731-4526-B8A4-1D09019F9CC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.6:beta1:*:*:*:node.js:*:*","matchCriteriaId":"D905E0CA-D7C2-4392-A51D-73AB89F5C357"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-68xw-r643-9p5w","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-skill-command-dispatch-hook-bypass-via-before-tool-call-hook-skipping","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53847","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:01.790","lastModified":"2026-06-17T20:29:43.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.6","versionType":"semver","status":"affected"},{"version":"2026.5.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:44:55.341954Z","id":"CVE-2026-53847","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.6","matchCriteriaId":"1F8F3EF6-6731-4526-B8A4-1D09019F9CC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.6:beta1:*:*:*:node.js:*:*","matchCriteriaId":"D905E0CA-D7C2-4392-A51D-73AB89F5C357"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53848","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:01.920","lastModified":"2026-06-17T20:27:44.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to perform unintended operations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.26","versionType":"semver","status":"affected"},{"version":"2026.5.26","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:33:55.014279Z","id":"CVE-2026-53848","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.26","matchCriteriaId":"D84C1888-2526-4DDE-BF69-39406820F05E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.26:beta1:*:*:*:node.js:*:*","matchCriteriaId":"89ABB777-50F9-4258-A3C0-1B028A948297"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.26:beta2:*:*:*:node.js:*:*","matchCriteriaId":"C5DEEC82-614B-42D4-BC37-B03EC17CFE70"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwpp-5962-q4f6","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-transparent-command-wrappers","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53850","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:02.183","lastModified":"2026-06-17T21:02:43.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.4.25","versionType":"semver","status":"affected"},{"version":"2026.4.25","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:38:22.508672Z","id":"CVE-2026-53850","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.4.25","matchCriteriaId":"A1C7E0A9-FE18-4FC0-B084-962ED0BC7EC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta1:*:*:*:node.js:*:*","matchCriteriaId":"47423C4C-E76E-4143-8AB9-C7828BFAB409"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta10:*:*:*:node.js:*:*","matchCriteriaId":"991BD889-5FA3-4665-BA49-B8DAF1F0BE19"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta11:*:*:*:node.js:*:*","matchCriteriaId":"C2DEC581-0C75-4797-AE9B-16AE8B61CFA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta2:*:*:*:node.js:*:*","matchCriteriaId":"B66A863E-509A-4B70-81D7-7CBAAE35562A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta3:*:*:*:node.js:*:*","matchCriteriaId":"22C31BB6-8D7E-440E-9307-85E1B5D6EFE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta4:*:*:*:node.js:*:*","matchCriteriaId":"FA94F68E-C254-4693-8178-2350AFF03340"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta5:*:*:*:node.js:*:*","matchCriteriaId":"81E3D764-EC83-44F8-BBBF-ACB6009B210F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta6:*:*:*:node.js:*:*","matchCriteriaId":"87569369-BAA7-4E88-9370-F8C6C8548EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta7:*:*:*:node.js:*:*","matchCriteriaId":"61334610-1CDA-4AC4-A62B-4CA0E1448891"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta8:*:*:*:node.js:*:*","matchCriteriaId":"692249CF-9643-4B03-B180-B6F7588547DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta9:*:*:*:node.js:*:*","matchCriteriaId":"750B5EC7-F749-4656-AEE5-D1F403F56B6B"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-control-scope-enforcement-bypass-in-focus-command","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53851","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:02.327","lastModified":"2026-06-17T21:02:29.587","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.12","versionType":"semver","status":"affected"},{"version":"2026.5.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:42:26.787784Z","id":"CVE-2026-53851","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.12","matchCriteriaId":"DE7E74F5-925B-4DC3-AFAF-9C0CAD4AADE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta1:*:*:*:node.js:*:*","matchCriteriaId":"B2F3E79D-C148-461C-9C28-9CAC44DA9C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta2:*:*:*:node.js:*:*","matchCriteriaId":"707AED9D-DA43-49D7-B7F4-59A191E84F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta3:*:*:*:node.js:*:*","matchCriteriaId":"0A703002-3775-4DD0-AA4A-14A80C966009"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta4:*:*:*:node.js:*:*","matchCriteriaId":"A4100ECD-456B-46C7-89A5-ECB2AF5ACAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta5:*:*:*:node.js:*:*","matchCriteriaId":"49121842-6A84-4C19-8465-A93C67B2FB32"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta6:*:*:*:node.js:*:*","matchCriteriaId":"18698933-5F61-484F-88EB-D14A0C684FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta7:*:*:*:node.js:*:*","matchCriteriaId":"471D48FA-A3F4-4DC0-A46D-16FBAAB9A3BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta8:*:*:*:node.js:*:*","matchCriteriaId":"2543F40A-7360-496F-9F12-38D9B9B9291A"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-slack-reaction-event-notification-bypass","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53852","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:02.510","lastModified":"2026-06-17T21:02:18.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.4.25","versionType":"semver","status":"affected"},{"version":"2026.4.25","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:59:03.453390Z","id":"CVE-2026-53852","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-636"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.4.25","matchCriteriaId":"A1C7E0A9-FE18-4FC0-B084-962ED0BC7EC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta1:*:*:*:node.js:*:*","matchCriteriaId":"47423C4C-E76E-4143-8AB9-C7828BFAB409"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta10:*:*:*:node.js:*:*","matchCriteriaId":"991BD889-5FA3-4665-BA49-B8DAF1F0BE19"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta11:*:*:*:node.js:*:*","matchCriteriaId":"C2DEC581-0C75-4797-AE9B-16AE8B61CFA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta2:*:*:*:node.js:*:*","matchCriteriaId":"B66A863E-509A-4B70-81D7-7CBAAE35562A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta3:*:*:*:node.js:*:*","matchCriteriaId":"22C31BB6-8D7E-440E-9307-85E1B5D6EFE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta4:*:*:*:node.js:*:*","matchCriteriaId":"FA94F68E-C254-4693-8178-2350AFF03340"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta5:*:*:*:node.js:*:*","matchCriteriaId":"81E3D764-EC83-44F8-BBBF-ACB6009B210F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta6:*:*:*:node.js:*:*","matchCriteriaId":"87569369-BAA7-4E88-9370-F8C6C8548EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta7:*:*:*:node.js:*:*","matchCriteriaId":"61334610-1CDA-4AC4-A62B-4CA0E1448891"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta8:*:*:*:node.js:*:*","matchCriteriaId":"692249CF-9643-4B03-B180-B6F7588547DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta9:*:*:*:node.js:*:*","matchCriteriaId":"750B5EC7-F749-4656-AEE5-D1F403F56B6B"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-scope-bypass-via-empty-scope-device-re-pairing","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53859","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:03.440","lastModified":"2026-06-17T22:12:00.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.26","versionType":"semver","status":"affected"},{"version":"2026.5.26","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:38:50.637597Z","id":"CVE-2026-53859","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"},{"lang":"en","value":"CWE-1023"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.26","matchCriteriaId":"D84C1888-2526-4DDE-BF69-39406820F05E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.26:beta1:*:*:*:node.js:*:*","matchCriteriaId":"89ABB777-50F9-4258-A3C0-1B028A948297"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.26:beta2:*:*:*:node.js:*:*","matchCriteriaId":"C5DEEC82-614B-42D4-BC37-B03EC17CFE70"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7","source":"disclosure@vulncheck.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://www.vulncheck.com/advisories/openclaw-hostname-validation-bypass-via-trailing-dot-inconsistency","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53860","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:03.573","lastModified":"2026-06-17T22:23:25.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended for configured senders, potentially bypassing access controls."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.7","versionType":"semver","status":"affected"},{"version":"2026.5.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:33:29.631823Z","id":"CVE-2026-53860","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-807"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.7","matchCriteriaId":"7997A172-6CF9-4361-9301-86C0D2201B85"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.7:beta1:*:*:*:node.js:*:*","matchCriteriaId":"F26D81DE-E9B7-499A-A461-D3DDC6FA7282"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8j37-5w68-wj2g","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-via-mutable-conversation-identifiers-in-bluebubbles","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53862","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:04.160","lastModified":"2026-06-17T22:48:18.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.5.12","versionType":"semver","status":"affected"},{"version":"2026.5.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:31:01.331574Z","id":"CVE-2026-53862","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.5.12","matchCriteriaId":"DE7E74F5-925B-4DC3-AFAF-9C0CAD4AADE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta1:*:*:*:node.js:*:*","matchCriteriaId":"B2F3E79D-C148-461C-9C28-9CAC44DA9C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta2:*:*:*:node.js:*:*","matchCriteriaId":"707AED9D-DA43-49D7-B7F4-59A191E84F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta3:*:*:*:node.js:*:*","matchCriteriaId":"0A703002-3775-4DD0-AA4A-14A80C966009"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta4:*:*:*:node.js:*:*","matchCriteriaId":"A4100ECD-456B-46C7-89A5-ECB2AF5ACAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta5:*:*:*:node.js:*:*","matchCriteriaId":"49121842-6A84-4C19-8465-A93C67B2FB32"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta6:*:*:*:node.js:*:*","matchCriteriaId":"18698933-5F61-484F-88EB-D14A0C684FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta7:*:*:*:node.js:*:*","matchCriteriaId":"471D48FA-A3F4-4DC0-A46D-16FBAAB9A3BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.5.12:beta8:*:*:*:node.js:*:*","matchCriteriaId":"2543F40A-7360-496F-9F12-38D9B9B9291A"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/openclaw-bootstrap-token-replay-via-pending-pairing-scope-widening","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53863","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-16T19:17:04.633","lastModified":"2026-06-17T18:03:55.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","repo":"https://github.com/openclaw/openclaw","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","lessThan":"2026.4.25","versionType":"semver","status":"affected"},{"version":"2026.4.25","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:35:31.364790Z","id":"CVE-2026-53863","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.4.25","matchCriteriaId":"A1C7E0A9-FE18-4FC0-B084-962ED0BC7EC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta1:*:*:*:node.js:*:*","matchCriteriaId":"47423C4C-E76E-4143-8AB9-C7828BFAB409"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta10:*:*:*:node.js:*:*","matchCriteriaId":"991BD889-5FA3-4665-BA49-B8DAF1F0BE19"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta11:*:*:*:node.js:*:*","matchCriteriaId":"C2DEC581-0C75-4797-AE9B-16AE8B61CFA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta2:*:*:*:node.js:*:*","matchCriteriaId":"B66A863E-509A-4B70-81D7-7CBAAE35562A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta3:*:*:*:node.js:*:*","matchCriteriaId":"22C31BB6-8D7E-440E-9307-85E1B5D6EFE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta4:*:*:*:node.js:*:*","matchCriteriaId":"FA94F68E-C254-4693-8178-2350AFF03340"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta5:*:*:*:node.js:*:*","matchCriteriaId":"81E3D764-EC83-44F8-BBBF-ACB6009B210F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta6:*:*:*:node.js:*:*","matchCriteriaId":"87569369-BAA7-4E88-9370-F8C6C8548EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta7:*:*:*:node.js:*:*","matchCriteriaId":"61334610-1CDA-4AC4-A62B-4CA0E1448891"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta8:*:*:*:node.js:*:*","matchCriteriaId":"692249CF-9643-4B03-B180-B6F7588547DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:2026.4.25:beta9:*:*:*:node.js:*:*","matchCriteriaId":"750B5EC7-F749-4656-AEE5-D1F403F56B6B"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7","source":"disclosure@vulncheck.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://www.vulncheck.com/advisories/openclaw-unvalidated-group-id-acceptance-in-tool-group-policy","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-0125","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:23.430","lastModified":"2026-06-17T16:40:32.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0125","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0127","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:23.637","lastModified":"2026-06-17T16:40:13.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:28:26.965702Z","id":"CVE-2026-0127","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0129","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:23.813","lastModified":"2026-06-17T16:39:52.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In RtcpByePacket::decodeByePacket, there is a possible  due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:47:37.796413Z","id":"CVE-2026-0129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0130","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:23.900","lastModified":"2026-06-17T16:39:24.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:46:31.194295Z","id":"CVE-2026-0130","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0131","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:23.990","lastModified":"2026-06-17T16:39:03.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0131","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0132","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.080","lastModified":"2026-06-17T16:38:36.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0132","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0133","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.170","lastModified":"2026-06-17T16:38:13.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0133","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0134","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.260","lastModified":"2026-06-17T16:37:48.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:51:08.278432Z","id":"CVE-2026-0134","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0135","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.350","lastModified":"2026-06-17T16:37:27.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0135","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0136","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.440","lastModified":"2026-06-17T16:21:02.547","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:17:45.417702Z","id":"CVE-2026-0136","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0137","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.527","lastModified":"2026-06-17T16:46:06.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0137","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0138","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.623","lastModified":"2026-06-17T16:45:48.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0138","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0139","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.730","lastModified":"2026-06-17T16:45:18.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0139","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0140","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.817","lastModified":"2026-06-17T16:44:53.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:16:08.469737Z","id":"CVE-2026-0140","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0141","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.907","lastModified":"2026-06-17T16:44:33.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:15:38.072359Z","id":"CVE-2026-0141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0142","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:24.997","lastModified":"2026-06-17T16:43:59.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:51:57.297248Z","id":"CVE-2026-0142","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0143","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.083","lastModified":"2026-06-17T16:43:40.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0143","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0144","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.170","lastModified":"2026-06-17T16:43:25.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:12:31.457074Z","id":"CVE-2026-0144","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0145","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.260","lastModified":"2026-06-17T16:43:08.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T20:12:18.977713Z","id":"CVE-2026-0145","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0146","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.350","lastModified":"2026-06-17T16:42:47.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0146","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0147","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.440","lastModified":"2026-06-17T17:36:54.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0147","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0148","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.530","lastModified":"2026-06-17T17:35:27.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0148","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0149","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.620","lastModified":"2026-06-17T17:34:19.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0149","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0150","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.707","lastModified":"2026-06-17T17:30:51.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0150","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0151","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.793","lastModified":"2026-06-17T17:30:01.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0151","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0152","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.883","lastModified":"2026-06-17T19:06:21.990","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0152","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0153","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:25.970","lastModified":"2026-06-17T19:06:45.693","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T03:56:28.589036Z","id":"CVE-2026-0153","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0154","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.063","lastModified":"2026-06-17T19:07:05.757","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0154","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0155","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.150","lastModified":"2026-06-17T19:07:27.593","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:50:49.744680Z","id":"CVE-2026-0155","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0157","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.327","lastModified":"2026-06-17T19:07:56.907","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:48:43.570340Z","id":"CVE-2026-0157","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0158","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.420","lastModified":"2026-06-17T19:26:29.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:47:56.236593Z","id":"CVE-2026-0158","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0160","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.517","lastModified":"2026-06-17T19:22:02.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0160","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0161","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.610","lastModified":"2026-06-17T19:43:58.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0161","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0162","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.697","lastModified":"2026-06-17T19:43:37.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0162","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0164","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.790","lastModified":"2026-06-17T19:43:20.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2026-0164","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0165","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:26.877","lastModified":"2026-06-17T19:39:32.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:32:06.697409Z","id":"CVE-2026-0165","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10303","sourceIdentifier":"44488dab-36db-4358-99f9-bc116477f914","published":"2026-06-16T20:16:26.963","lastModified":"2026-06-17T17:16:41.383","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can supply ACME challenge responses to getssl (for example, a malicious or compromised CA endpoint, or an on-path adversary able to tamper with that response path) could exploit this to achieve unauthorized file write/path traversal effects, usually with elevated privileges, ultimately allowing for remote command injection. This issue appears related in spirit to CVE-2023-38198, and is an instance of CWE-73, \"External control of file name or path.\" Other ACME shell script handlers may be affected by similar issues."}],"affected":[{"source":"44488dab-36db-4358-99f9-bc116477f914","affectedData":[{"vendor":"ServerCo","product":"getssl","defaultStatus":"unaffected","repo":"https://github.com/srvrco/getssl","versions":[{"version":"0","lessThanOrEqual":"2.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"44488dab-36db-4358-99f9-bc116477f914","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:17:32.277126Z","id":"CVE-2026-10303","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"44488dab-36db-4358-99f9-bc116477f914","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/srvrco/getssl/pull/896","source":"44488dab-36db-4358-99f9-bc116477f914"},{"url":"https://github.com/srvrco/getssl/releases/tag/v2.50","source":"44488dab-36db-4358-99f9-bc116477f914"},{"url":"https://remyhax.xyz/posts/reproducing-lawful-tls-wiretapping/","source":"44488dab-36db-4358-99f9-bc116477f914"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-38198","source":"44488dab-36db-4358-99f9-bc116477f914"},{"url":"https://www.runzero.com/advisories/serverco-getssl-acme-cmd-injection-cve-2026-10303/","source":"44488dab-36db-4358-99f9-bc116477f914"}]}},{"cve":{"id":"CVE-2026-22312","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-06-16T20:16:28.590","lastModified":"2026-06-17T13:20:06.023","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration\nand execute some commands (e.g. system reboot)."}],"affected":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","affectedData":[{"vendor":"Radiflow","product":"iSAP Smart Collector","defaultStatus":"unaffected","versions":[{"version":"3.07-1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:18:32.031146Z","id":"CVE-2026-22312","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22312","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-22313","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-06-16T20:16:28.710","lastModified":"2026-06-17T17:16:43.687","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send\narbitrary commands to the device that are executed with administrative permissions by the underlying operating system."}],"affected":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","affectedData":[{"vendor":"Radiflow","product":"iSAP Smart Collector","defaultStatus":"unaffected","versions":[{"version":"3.07-1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:56.405202Z","id":"CVE-2026-22313","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-48777","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T20:16:46.583","lastModified":"2026-06-17T15:16:59.297","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gtsteffaniak","product":"filebrowser","versions":[{"version":"< 1.3.3-stable","status":"affected"},{"version":">= 1.4.0-beta, < 1.4.2-beta","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:45:43.580327Z","id":"CVE-2026-48777","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.3.3-stable","source":"security-advisories@github.com"},{"url":"https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.4.2-beta","source":"security-advisories@github.com"},{"url":"https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-qqqm-5547-774x","source":"security-advisories@github.com"},{"url":"https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-qqqm-5547-774x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12348","sourceIdentifier":"59469e6c-7ea7-446f-8e43-06aa32c115e8","published":"2026-06-17T10:14:49.290","lastModified":"2026-06-17T17:16:42.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing."}],"affected":[{"source":"59469e6c-7ea7-446f-8e43-06aa32c115e8","affectedData":[{"vendor":"The Browser Company of New York`","product":"Arc Search","defaultStatus":"unaffected","platforms":["Android"],"versions":[{"version":"0","lessThanOrEqual":"1.12.8","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"59469e6c-7ea7-446f-8e43-06aa32c115e8","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:19.951325Z","id":"CVE-2026-12348","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"59469e6c-7ea7-446f-8e43-06aa32c115e8","type":"Secondary","description":[{"lang":"en","value":"CWE-1021"}]}],"references":[{"url":"https://hackerone.com/reports/3705306","source":"59469e6c-7ea7-446f-8e43-06aa32c115e8"}]}},{"cve":{"id":"CVE-2026-35261","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:18.383","lastModified":"2026-06-17T20:36:25.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Access Manager","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:32:56.900661Z","id":"CVE-2026-35261","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"20EB3430-0FF2-4668-BB20-A5611ACC73F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8CEA5A65-E47B-40B7-BD9D-6A8AF4059974"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35269","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:19.130","lastModified":"2026-06-17T18:55:31.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Identity Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Identity Manager","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:16:33.788747Z","id":"CVE-2026-35269","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"95593D6C-8396-4AF5-BA79-8DB8EDA9FC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FA634664-8CC5-4017-A445-A23E205BEEC2"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35293","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:21.423","lastModified":"2026-06-17T18:51:24.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).   The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:22:23.298531Z","id":"CVE-2026-35293","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35294","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:21.540","lastModified":"2026-06-17T18:49:38.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Mainframe Connectors).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector.  While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Identity Manager Connector","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:21:42.672395Z","id":"CVE-2026-35294","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"95593D6C-8396-4AF5-BA79-8DB8EDA9FC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FA634664-8CC5-4017-A445-A23E205BEEC2"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35295","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:21.670","lastModified":"2026-06-17T18:46:54.663","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:20:57.496451Z","id":"CVE-2026-35295","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35296","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:21.783","lastModified":"2026-06-17T18:45:10.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:13:38.856770Z","id":"CVE-2026-35296","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35305","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:22.620","lastModified":"2026-06-17T19:57:58.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars).   The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence.  While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Coherence accessible data as well as  unauthorized update, insert or delete access to some of Oracle Coherence accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Coherence","versions":[{"version":"15.1.1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:52:08.667915Z","id":"CVE-2026-35305","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:coherence:15.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"830DFE6F-B4A1-452F-8C16-1505B869E9D6"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35306","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:22.730","lastModified":"2026-06-17T19:57:33.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars).   The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence.  While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Coherence accessible data as well as  unauthorized update, insert or delete access to some of Oracle Coherence accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Coherence","versions":[{"version":"15.1.1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:11:05.735561Z","id":"CVE-2026-35306","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:coherence:15.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"830DFE6F-B4A1-452F-8C16-1505B869E9D6"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35313","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:23.467","lastModified":"2026-06-17T20:36:10.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager.  While the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Access Manager","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:44:32.534094Z","id":"CVE-2026-35313","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"20EB3430-0FF2-4668-BB20-A5611ACC73F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8CEA5A65-E47B-40B7-BD9D-6A8AF4059974"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35314","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:23.573","lastModified":"2026-06-17T19:54:48.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server Plugin).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Access Manager","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:11:04.268962Z","id":"CVE-2026-35314","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"20EB3430-0FF2-4668-BB20-A5611ACC73F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8CEA5A65-E47B-40B7-BD9D-6A8AF4059974"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35318","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:23.987","lastModified":"2026-06-17T19:27:44.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:44:27.640945Z","id":"CVE-2026-35318","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46790","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:56.597","lastModified":"2026-06-17T21:41:44.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server).   The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Content","versions":[{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:52:44.668652Z","id":"CVE-2026-46790","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B05C4A06-4CB2-4755-8B15-5B00BD24610F"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46791","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:56.693","lastModified":"2026-06-17T21:39:16.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server).   The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Content","versions":[{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:54:40.275807Z","id":"CVE-2026-46791","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B05C4A06-4CB2-4755-8B15-5B00BD24610F"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46792","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:56.800","lastModified":"2026-06-17T21:36:51.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector.  While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Identity Manager Connector","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:55:03.703551Z","id":"CVE-2026-46792","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"A5E50BB1-B64C-40A2-A673-1A5DB39EDA55"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager_connector:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"6EC489EF-06DB-4306-80C4-E51EDE2BF756"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46793","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:56.900","lastModified":"2026-06-17T21:34:00.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Database User).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector.  While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Identity Manager Connector","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:58:06.030076Z","id":"CVE-2026-46793","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"A5E50BB1-B64C-40A2-A673-1A5DB39EDA55"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager_connector:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"6EC489EF-06DB-4306-80C4-E51EDE2BF756"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46794","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.003","lastModified":"2026-06-17T21:32:13.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Identity Manager Connector.  While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Identity Manager Connector","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:58:35.397401Z","id":"CVE-2026-46794","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"A5E50BB1-B64C-40A2-A673-1A5DB39EDA55"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager_connector:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"6EC489EF-06DB-4306-80C4-E51EDE2BF756"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46796","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.210","lastModified":"2026-06-17T19:28:12.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:25.399348Z","id":"CVE-2026-46796","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46797","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.313","lastModified":"2026-06-17T19:28:08.310","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:04:14.487563Z","id":"CVE-2026-46797","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46798","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.420","lastModified":"2026-06-17T19:28:04.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:09:11.798530Z","id":"CVE-2026-46798","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46799","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.527","lastModified":"2026-06-17T19:27:57.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:09:47.252972Z","id":"CVE-2026-46799","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46800","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.630","lastModified":"2026-06-17T19:27:53.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:10:47.459878Z","id":"CVE-2026-46800","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46801","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:57.737","lastModified":"2026-06-17T19:27:49.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:14:00.529350Z","id":"CVE-2026-46801","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46806","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:58.260","lastModified":"2026-06-17T20:35:38.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server).   The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as  unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Content","versions":[{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:29:44.117916Z","id":"CVE-2026-46806","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B05C4A06-4CB2-4755-8B15-5B00BD24610F"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46809","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:58.570","lastModified":"2026-06-17T21:31:31.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as  unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Sites","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:03.257445Z","id":"CVE-2026-46809","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D01DECAA-DFAE-4824-8C37-3E09C266CDB0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46810","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:58.677","lastModified":"2026-06-17T20:38:01.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity Manager.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Identity Manager accessible data as well as  unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Identity Manager","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:53.296423Z","id":"CVE-2026-46810","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"95593D6C-8396-4AF5-BA79-8DB8EDA9FC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FA634664-8CC5-4017-A445-A23E205BEEC2"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46812","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:58.777","lastModified":"2026-06-17T20:37:49.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Access Manager","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:22:29.057063Z","id":"CVE-2026-46812","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"20EB3430-0FF2-4668-BB20-A5611ACC73F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:14.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8CEA5A65-E47B-40B7-BD9D-6A8AF4059974"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46813","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:58.880","lastModified":"2026-06-17T20:37:31.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Content","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:55.916890Z","id":"CVE-2026-46813","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"FC6BB89E-DCA0-4453-A043-1987EB657451"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B05C4A06-4CB2-4755-8B15-5B00BD24610F"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46866","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:04.270","lastModified":"2026-06-17T15:16:55.557","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen).  Supported versions that are affected are 13.5 and  24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform as well as  unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Enterprise Manager Base Platform","versions":[{"version":"13.5","versionType":"semver","status":"affected"},{"version":"24.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:56:19.937290Z","id":"CVE-2026-46866","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6E8758C8-87D3-450A-878B-86CE8C9FC140"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5DBBDACA-3980-40BA-8B4C-B554F37CF138"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46872","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:04.907","lastModified":"2026-06-17T17:17:15.893","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install).  Supported versions that are affected are 13.5 and  24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform.  While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as  unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Enterprise Manager Base Platform","versions":[{"version":"13.5","versionType":"semver","status":"affected"},{"version":"24.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:10:53.652976Z","id":"CVE-2026-46872","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6E8758C8-87D3-450A-878B-86CE8C9FC140"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5DBBDACA-3980-40BA-8B4C-B554F37CF138"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46910","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:08.810","lastModified":"2026-06-17T22:58:41.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security).  Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"JD Edwards EnterpriseOne Tools","versions":[{"version":"9.2.0.0","lessThanOrEqual":"9.2.26.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:55:14.614605Z","id":"CVE-2026-46910","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0.0","versionEndIncluding":"9.2.26.2","matchCriteriaId":"9C06E461-DAEE-4D7A-8F64-5ED24FE41DBC"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46912","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:09.020","lastModified":"2026-06-17T22:55:54.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security).  Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools.  While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data as well as  unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"JD Edwards EnterpriseOne Tools","versions":[{"version":"9.2.0.0","lessThanOrEqual":"9.2.26.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:52:57.288233Z","id":"CVE-2026-46912","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0.0","versionEndIncluding":"9.2.26.2","matchCriteriaId":"9C06E461-DAEE-4D7A-8F64-5ED24FE41DBC"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46931","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:11.493","lastModified":"2026-06-17T22:52:19.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management.  Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Asset Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Enterprise Asset Management","versions":[{"version":"12.2.6","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:10:23.759084Z","id":"CVE-2026-46931","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_asset_management:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.6","versionEndIncluding":"12.2.15","matchCriteriaId":"E10A821D-B808-473D-AC7F-10C63E041A3A"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46932","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:12.707","lastModified":"2026-06-17T17:17:04.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Asset Management. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Enterprise Asset Management","versions":[{"version":"12.2.3","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:09:09.257269Z","id":"CVE-2026-46932","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_asset_management:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.6","versionEndIncluding":"12.2.15","matchCriteriaId":"E10A821D-B808-473D-AC7F-10C63E041A3A"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46945","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:13.807","lastModified":"2026-06-17T20:17:16.910","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle iSupport.  While the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle iSupport. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle iSupport","versions":[{"version":"12.2.3","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:25:24.971700Z","id":"CVE-2026-46945","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndExcluding":"12.2.15","matchCriteriaId":"673C8E48-58B5-45AD-973E-62FCB1C72782"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46947","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:14.010","lastModified":"2026-06-17T20:17:17.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony.  Successful attacks of this vulnerability can result in takeover of Oracle Advanced Outbound Telephony. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Advanced Outbound Telephony","versions":[{"version":"12.2.3","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:31:13.193484Z","id":"CVE-2026-46947","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndIncluding":"12.2.15","matchCriteriaId":"ABF6394B-D673-4301-9A34-F38ABD7A7320"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46949","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:14.113","lastModified":"2026-06-17T20:17:17.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Outbound Telephony accessible data as well as  unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Advanced Outbound Telephony","versions":[{"version":"12.2.3","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:34:07.762219Z","id":"CVE-2026-46949","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndIncluding":"12.2.15","matchCriteriaId":"ABF6394B-D673-4301-9A34-F38ABD7A7320"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46950","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:14.217","lastModified":"2026-06-17T20:17:18.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony.  Successful attacks of this vulnerability can result in takeover of Oracle Advanced Outbound Telephony. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Advanced Outbound Telephony","versions":[{"version":"12.2.3","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:36:44.064565Z","id":"CVE-2026-46950","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndIncluding":"12.2.15","matchCriteriaId":"ABF6394B-D673-4301-9A34-F38ABD7A7320"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46971","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:16.187","lastModified":"2026-06-17T18:18:00.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle HR Intelligence","versions":[{"version":"12.2.3","lessThanOrEqual":"12.2.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:23:29.914265Z","id":"CVE-2026-46971","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hr_intelligence:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndIncluding":"12.2.15","matchCriteriaId":"60D58752-9708-4644-87E6-45D002BEC6D4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-24709","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:10.807","lastModified":"2026-06-17T17:16:36.633","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Shareaholic: from n/a through 9.7.11."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Shareaholic","product":"Shareaholic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"shareaholic","versions":[{"version":"n/a","lessThanOrEqual":"9.7.11","versionType":"custom","status":"affected","changes":[{"at":"9.7.12","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:54.641828Z","id":"CVE-2024-24709","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/shareaholic/vulnerability/wordpress-shareaholic-plugin-9-7-11-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-31435","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:11.377","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":": Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Social Media & Share Icons: from n/a through 2.8.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Inisev","product":"Social Media & Share Icons","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ultimate-social-media-icons","versions":[{"version":"n/a","lessThanOrEqual":"2.8.6","versionType":"custom","status":"affected","changes":[{"at":"2.8.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:45:26.141279Z","id":"CVE-2024-31435","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ultimate-social-media-icons/vulnerability/wordpress-social-media-share-buttons-social-sharing-icons-plugin-2-8-6-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-32729","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:11.510","lastModified":"2026-06-17T17:16:37.790","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal.\n\nThis issue affects Conversational Forms for ChatBot: from n/a through 1.1.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"QuantumCloud","product":"Conversational Forms for ChatBot","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"conversational-forms","versions":[{"version":"n/a","lessThanOrEqual":"1.1.8","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:37:29.556710Z","id":"CVE-2024-32729","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/conversational-forms/vulnerability/wordpress-chatbot-conversational-forms-plugin-1-1-8-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-32949","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:11.650","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Integrate Google Drive: from n/a through 1.3.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Prince","product":"Integrate Google Drive","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"integrate-google-drive","versions":[{"version":"n/a","lessThanOrEqual":"1.3.8","versionType":"custom","status":"affected","changes":[{"at":"1.3.91","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:47:21.887048Z","id":"CVE-2024-32949","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-3-8-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-33685","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:11.783","lastModified":"2026-06-17T15:16:34.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Startupzy: from n/a through 1.1.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jegstudio","product":"Startupzy","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"startupzy","versions":[{"version":"n/a","lessThanOrEqual":"1.1.1","versionType":"custom","status":"affected","changes":[{"at":"1.1.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:38:58.750742Z","id":"CVE-2024-33685","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/startupzy/vulnerability/wordpress-startupzy-theme-1-1-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-33909","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:11.930","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects iPages Flipbook: from n/a through 1.5.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Avirtum","product":"iPages Flipbook","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ipages-flipbook","versions":[{"version":"n/a","lessThanOrEqual":"1.5.1","versionType":"custom","status":"affected","changes":[{"at":"1.5.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:21.164678Z","id":"CVE-2024-33909","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ipages-flipbook/vulnerability/wordpress-ipages-flipbook-plugin-1-5-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-34810","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.067","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery.\n\nThis issue affects Skyline WP: from n/a through 1.0.10."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Extend Themes","product":"Skyline WP","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"skyline-wp","versions":[{"version":"n/a","lessThanOrEqual":"1.0.10","versionType":"custom","status":"affected","changes":[{"at":"1.0.11","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:08:50.976279Z","id":"CVE-2024-34810","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/skyline-wp/vulnerability/wordpress-skyline-wp-theme-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-35648","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.210","lastModified":"2026-06-17T17:16:37.897","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery.\n\nThis issue affects Emergency Password Reset: from n/a through 8.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Andy Moyle","product":"Emergency Password Reset","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"emergency-password-reset","versions":[{"version":"n/a","lessThanOrEqual":"8.0","versionType":"custom","status":"affected","changes":[{"at":"9.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:12.982322Z","id":"CVE-2024-35648","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/emergency-password-reset/vulnerability/wordpress-emergency-password-reset-plugin-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-35690","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.353","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Widget Options: from n/a through 4.0.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"MarketingFire","product":"Widget Options","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"widget-options","versions":[{"version":"n/a","lessThanOrEqual":"4.0.1","versionType":"custom","status":"affected","changes":[{"at":"4.0.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:45:04.597054Z","id":"CVE-2024-35690","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-0-1-subscriber-user-meta-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-37210","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.490","lastModified":"2026-06-17T17:16:38.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects AliNext: from n/a through 3.3.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ali2woo","product":"AliNext","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ali2woo-lite","versions":[{"version":"n/a","lessThanOrEqual":"3.3.5","versionType":"custom","status":"affected","changes":[{"at":"3.3.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:22.058031Z","id":"CVE-2024-37210","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ali2woo-lite/vulnerability/wordpress-aliexpress-dropshipping-with-alinext-lite-plugin-3-3-5-broken-access-control-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-37496","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.627","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Metro Magazine: from n/a through 1.3.7."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Rara Themes","product":"Metro Magazine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"metro-magazine","versions":[{"version":"n/a","lessThanOrEqual":"1.3.7","versionType":"custom","status":"affected","changes":[{"at":"1.3.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:46:56.788732Z","id":"CVE-2024-37496","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/metro-magazine/vulnerability/wordpress-metro-magazine-theme-1-3-7-broken-access-control-on-notice-dismissal-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-49269","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.767","lastModified":"2026-06-17T17:16:38.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mythemes","product":"my flatonica","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"my-flatonica","versions":[{"version":"n/a","lessThanOrEqual":"0.0.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:38.603642Z","id":"CVE-2024-49269","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/my-flatonica/vulnerability/wordpress-my-flatonica-theme-0-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2024-52488","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:12.913","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Zidithemes","product":"Grip","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"grip","versions":[{"version":"n/a","lessThanOrEqual":"1.0.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:41:52.058824Z","id":"CVE-2024-52488","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/grip/vulnerability/wordpress-grip-theme-1-0-9-arbitrary-plugin-activation-deactivation-to-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-15641","sourceIdentifier":"psirt@netskope.com","published":"2026-06-17T13:19:13.070","lastModified":"2026-06-17T16:18:58.823","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s)\n  *  Product Name: Netskope Client\n  *  Affected Platform: Windows\n  *  Affected Version: All version below R138"}],"affected":[{"source":"psirt@netskope.com","affectedData":[{"vendor":"Netskope","product":"Netskope Client","defaultStatus":"affected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"138","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@netskope.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:57:15.545870Z","id":"CVE-2025-15641","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@netskope.com","type":"Secondary","description":[{"lang":"en","value":"CWE-782"}]}],"references":[{"url":"https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-007","source":"psirt@netskope.com"}]}},{"cve":{"id":"CVE-2025-15642","sourceIdentifier":"psirt@netskope.com","published":"2026-06-17T13:19:13.230","lastModified":"2026-06-17T16:18:58.823","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,.\n  *  Product Name: Netskope Client\n  *  Affected Platform: Windows\n  *  Affected Version: All version below R138"}],"affected":[{"source":"psirt@netskope.com","affectedData":[{"vendor":"Netskope","product":"Netskope Client","defaultStatus":"affected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"138","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@netskope.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:54:38.423592Z","id":"CVE-2025-15642","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@netskope.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-008","source":"psirt@netskope.com"}]}},{"cve":{"id":"CVE-2025-31013","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:13.360","lastModified":"2026-06-17T15:16:35.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.\n\nThis issue affects Themify Folo: from n/a through 1.9.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themify","product":"Themify Folo","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"1.9.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:47:18.601070Z","id":"CVE-2025-31013","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-theme-1-9-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-48571","sourceIdentifier":"security@android.com","published":"2026-06-17T13:19:13.760","lastModified":"2026-06-17T16:55:51.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:43:28.550556Z","id":"CVE-2025-48571","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:17.0:-:*:*:*:*:*:*","matchCriteriaId":"E3D15FD9-304E-4270-81C7-C8D9024D457D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-49403","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:14.243","lastModified":"2026-06-17T15:16:35.743","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AA-Team","product":"Premium Age Verification / Restriction for WordPress","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"age-restriction","versions":[{"version":"n/a","lessThanOrEqual":"3.0.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:24:40.812671Z","id":"CVE-2025-49403","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/age-restriction/vulnerability/wordpress-premium-age-verification-restriction-for-wordpress-plugin-3-0-2-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-58924","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:14.387","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Geya <= 1.15 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX Group","product":"Geya","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"geya","versions":[{"version":"n/a","lessThanOrEqual":"1.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:34:28.975028Z","id":"CVE-2025-58924","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/geya/vulnerability/wordpress-geya-theme-1-15-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-58952","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:14.527","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Neuronet","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"neuronet","versions":[{"version":"n/a","lessThan":"1.14.0","versionType":"custom","status":"affected","changes":[{"at":"1.14.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:43:33.160060Z","id":"CVE-2025-58952","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/neuronet/vulnerability/wordpress-neuronet-theme-1-14-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-58953","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:14.653","lastModified":"2026-06-17T17:16:38.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Joly","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"joly","versions":[{"version":"n/a","lessThanOrEqual":"1.22.0","versionType":"custom","status":"affected","changes":[{"at":"1.23.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:42.610670Z","id":"CVE-2025-58953","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/joly/vulnerability/wordpress-joly-theme-1-22-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-58954","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:14.793","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"HomeRoofer","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"homeroofer","versions":[{"version":"n/a","lessThanOrEqual":"2.11.0","versionType":"custom","status":"affected","changes":[{"at":"2.12.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:43:39.215776Z","id":"CVE-2025-58954","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/homeroofer/vulnerability/wordpress-homeroofer-theme-2-11-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-59560","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:14.927","lastModified":"2026-06-17T17:16:38.857","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SONAAR MUSIC","product":"Sonaar","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"sonaar","versions":[{"version":"n/a","lessThanOrEqual":"4.27.4","versionType":"custom","status":"affected","changes":[{"at":"4.27.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:36.479613Z","id":"CVE-2025-59560","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/sonaar/vulnerability/wordpress-sonaar-theme-4-27-4-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-59563","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:15.057","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SONAAR MUSIC","product":"Sonaar","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"sonaar","versions":[{"version":"n/a","lessThanOrEqual":"4.27.4","versionType":"custom","status":"affected","changes":[{"at":"4.27.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:40:18.817173Z","id":"CVE-2025-59563","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/sonaar/vulnerability/wordpress-sonaar-theme-4-27-4-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60085","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:15.317","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX Group","product":"Learnify","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"learnify","versions":[{"version":"n/a","lessThanOrEqual":"1.15.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:34:21.027449Z","id":"CVE-2025-60085","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/learnify/vulnerability/wordpress-learnify-theme-1-15-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60205","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:15.457","lastModified":"2026-06-17T15:16:35.873","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"ThemeREX Addons","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"trx_addons","versions":[{"version":"n/a","lessThanOrEqual":"2.36.1.1","versionType":"custom","status":"affected","changes":[{"at":"2.36.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:25:05.801530Z","id":"CVE-2025-60205","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/trx_addons/vulnerability/wordpress-themerex-addons-plugin-2-35-3-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60218","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:15.583","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPLocker","product":"PT Luxa Addons","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"pt-luxa-addons","versions":[{"version":"n/a","lessThanOrEqual":"1.2.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:41:23.200100Z","id":"CVE-2025-60218","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/pt-luxa-addons/vulnerability/wordpress-pt-luxa-addons-plugin-1-2-2-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60223","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:15.710","lastModified":"2026-06-17T17:16:39.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"QuantumCloud","product":"WPBot Pro Wordpress Chatbot","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpbot-pro","versions":[{"version":"n/a","lessThanOrEqual":"13.6.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:25:03.757142Z","id":"CVE-2025-60223","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpbot-pro/vulnerability/wordpress-wpbot-pro-wordpress-chatbot-plugin-13-6-5-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69103","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.127","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Utillz","product":"Brikk","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"brikk","versions":[{"version":"n/a","lessThanOrEqual":"3.0.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:34:14.235105Z","id":"CVE-2025-69103","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/brikk/vulnerability/wordpress-brikk-theme-3-0-0-arbitrary-content-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69104","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.267","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"jkdevstudio","product":"Qreatix","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"qreatix","versions":[{"version":"n/a","lessThanOrEqual":"1.9.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:34:07.545630Z","id":"CVE-2025-69104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/qreatix/vulnerability/wordpress-qreatix-theme-1-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69105","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.413","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Modernee","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"modernee","versions":[{"version":"n/a","lessThanOrEqual":"1.6.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:34:00.661917Z","id":"CVE-2025-69105","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/modernee/vulnerability/wordpress-modernee-theme-1-6-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69107","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.550","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Rosaleen","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"rosaleen","versions":[{"version":"n/a","lessThanOrEqual":"2.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:48.532656Z","id":"CVE-2025-69107","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/rosaleen/vulnerability/wordpress-rosaleen-theme-2-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69108","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.683","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Hot Coffee","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"hot-coffee","versions":[{"version":"n/a","lessThanOrEqual":"1.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:39.376365Z","id":"CVE-2025-69108","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/hot-coffee/vulnerability/wordpress-hot-coffee-theme-1-7-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69109","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.813","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Raider Spirit","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"raiderspirit","versions":[{"version":"n/a","lessThanOrEqual":"1.1.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:31.523985Z","id":"CVE-2025-69109","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/raiderspirit/vulnerability/wordpress-raider-spirit-theme-1-1-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69110","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:16.947","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"AirSupply","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"air-supply","versions":[{"version":"n/a","lessThanOrEqual":"2.0.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:42:51.761907Z","id":"CVE-2025-69110","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/air-supply/vulnerability/wordpress-airsupply-theme-2-0-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69112","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.100","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Planty","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"planty","versions":[{"version":"n/a","lessThanOrEqual":"1.14.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:24.713285Z","id":"CVE-2025-69112","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/planty/vulnerability/wordpress-planty-theme-1-14-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69113","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.240","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Nexio","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"nexio","versions":[{"version":"n/a","lessThanOrEqual":"1.10.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:18.481080Z","id":"CVE-2025-69113","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/nexio/vulnerability/wordpress-nexio-theme-1-10-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69114","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.383","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"MaxiNet","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"maxinet","versions":[{"version":"n/a","lessThanOrEqual":"1.2.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:13.226331Z","id":"CVE-2025-69114","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/maxinet/vulnerability/wordpress-maxinet-theme-1-2-10-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69116","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.517","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Iona","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"iona","versions":[{"version":"n/a","lessThanOrEqual":"1.0.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:33:02.498839Z","id":"CVE-2025-69116","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/iona/vulnerability/wordpress-iona-theme-1-0-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69117","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.647","lastModified":"2026-06-17T17:16:39.733","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Ingenioso","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"ingenioso","versions":[{"version":"n/a","lessThanOrEqual":"1.14.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:46.272791Z","id":"CVE-2025-69117","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/ingenioso/vulnerability/wordpress-ingenioso-theme-1-14-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69118","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.783","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"CopyPress","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"copypress","versions":[{"version":"n/a","lessThanOrEqual":"1.4.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:56.856771Z","id":"CVE-2025-69118","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/copypress/vulnerability/wordpress-copypress-theme-1-4-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69119","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:17.920","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Corbesier","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"corbesier","versions":[{"version":"n/a","lessThanOrEqual":"1.15.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:49.788875Z","id":"CVE-2025-69119","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/corbesier/vulnerability/wordpress-corbesier-theme-1-15-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69121","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.053","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Deliciosa","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"deliciosa","versions":[{"version":"n/a","lessThanOrEqual":"1.10.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:44.001300Z","id":"CVE-2025-69121","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/deliciosa/vulnerability/wordpress-deliciosa-theme-1-10-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69122","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.190","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"SeaFood Company","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"seafood-company","versions":[{"version":"n/a","lessThanOrEqual":"1.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:37.358582Z","id":"CVE-2025-69122","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/seafood-company/vulnerability/wordpress-seafood-company-theme-1-4-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69124","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.330","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Especio <= 1.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Especio","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"especio","versions":[{"version":"n/a","lessThanOrEqual":"1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:30.353335Z","id":"CVE-2025-69124","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/especio/vulnerability/wordpress-especio-theme-1-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69125","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.467","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Food Drop","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"food-drop","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:24.221852Z","id":"CVE-2025-69125","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/food-drop/vulnerability/wordpress-food-drop-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69129","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.620","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Extendons","product":"WordPress & WooCommerce Scraper Plugin, Import Data from Any Site","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp_scraper","versions":[{"version":"n/a","lessThanOrEqual":"1.0.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:39:30.874582Z","id":"CVE-2025-69129","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp_scraper/vulnerability/wordpress-wordpress-woocommerce-scraper-plugin-import-data-from-any-site-plugin-1-0-7-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69131","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.767","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"extendons","product":"WordPress & WooCommerce Scraper Plugin, Import Data from Any Site","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp_scraper","versions":[{"version":"n/a","lessThanOrEqual":"1.0.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:16.945013Z","id":"CVE-2025-69131","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp_scraper/vulnerability/wordpress-wordpress-woocommerce-scraper-plugin-import-data-from-any-site-plugin-1-0-7-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69135","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:18.903","lastModified":"2026-06-17T15:16:38.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CurlyThemes","product":"Events Schedule - WordPress Events Calendar Plugin","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"weekly-class","versions":[{"version":"n/a","lessThanOrEqual":"2.7.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:25:49.757105Z","id":"CVE-2025-69135","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/weekly-class/vulnerability/wordpress-events-schedule-wordpress-events-calendar-plugin-plugin-2-7-2-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69136","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.027","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"THEMELOGI","product":"Wanium","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"wanium","versions":[{"version":"n/a","lessThanOrEqual":"1.9.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:32:10.132206Z","id":"CVE-2025-69136","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/wanium/vulnerability/wordpress-wanium-theme-1-9-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69137","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.163","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Broken Access Control in Genemy <= 1.6.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jthemes","product":"Genemy","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"genemy","versions":[{"version":"n/a","lessThanOrEqual":"1.6.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:55.553987Z","id":"CVE-2025-69137","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/genemy/vulnerability/wordpress-genemy-theme-1-6-6-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69138","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.293","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Privilege Escalation in Genemy <= 1.6.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jthemes","product":"Genemy","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"genemy","versions":[{"version":"n/a","lessThanOrEqual":"1.6.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:39:43.577693Z","id":"CVE-2025-69138","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/genemy/vulnerability/wordpress-genemy-theme-1-6-6-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69139","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.423","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AivahThemes","product":"Car Zone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"carzone","versions":[{"version":"n/a","lessThanOrEqual":"3.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:50.771121Z","id":"CVE-2025-69139","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/carzone/vulnerability/wordpress-car-zone-theme-3-7-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69141","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.560","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Kelly Young","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"kelly-young","versions":[{"version":"n/a","lessThanOrEqual":"1.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:44.174144Z","id":"CVE-2025-69141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/kelly-young/vulnerability/wordpress-kelly-young-theme-1-1-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69142","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.710","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Abelle <= 1.22 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Abelle","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"abelle","versions":[{"version":"n/a","lessThanOrEqual":"1.22","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:38.336658Z","id":"CVE-2025-69142","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/abelle/vulnerability/wordpress-abelle-theme-1-22-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69143","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.843","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Mission <= 1.22 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Mission","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"mission","versions":[{"version":"n/a","lessThanOrEqual":"1.22","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:32.070012Z","id":"CVE-2025-69143","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/mission/vulnerability/wordpress-mission-theme-1-22-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69145","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:19.973","lastModified":"2026-06-17T17:16:40.047","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Gat <= 1.16 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Gat","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"gat","versions":[{"version":"n/a","lessThanOrEqual":"1.16","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:22:04.987656Z","id":"CVE-2025-69145","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/gat/vulnerability/wordpress-gat-theme-1-16-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69146","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:20.097","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Dom <= 1.24 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Dom","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"dom","versions":[{"version":"n/a","lessThanOrEqual":"1.24","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:23.807665Z","id":"CVE-2025-69146","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/dom/vulnerability/wordpress-dom-theme-1-24-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69147","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:20.237","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Putter <= 1.17 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Putter","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"putter","versions":[{"version":"n/a","lessThanOrEqual":"1.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:18.195090Z","id":"CVE-2025-69147","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/putter/vulnerability/wordpress-putter-theme-1-17-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69148","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:20.437","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Quirky <= 1.23 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Quirky","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"quirky","versions":[{"version":"n/a","lessThanOrEqual":"1.23","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:41:30.892374Z","id":"CVE-2025-69148","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/quirky/vulnerability/wordpress-quirky-theme-1-23-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69149","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:20.750","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Top Dog","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"top-dog","versions":[{"version":"n/a","lessThanOrEqual":"1.0.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:11.621610Z","id":"CVE-2025-69149","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/top-dog/vulnerability/wordpress-top-dog-theme-1-0-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69150","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:21.030","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Medeus <= 1.14 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Medeus","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"medeus","versions":[{"version":"n/a","lessThanOrEqual":"1.14","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:31:05.464677Z","id":"CVE-2025-69150","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/medeus/vulnerability/wordpress-medeus-theme-1-14-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69151","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:23.097","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeGoods","product":"Grand Car Rental","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"grandcarrental","versions":[{"version":"n/a","lessThanOrEqual":"3.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:59.721699Z","id":"CVE-2025-69151","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/grandcarrental/vulnerability/wordpress-grand-car-rental-theme-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69159","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:23.247","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Printo <= 1.11 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Printo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"printo","versions":[{"version":"n/a","lessThanOrEqual":"1.11","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:56.467108Z","id":"CVE-2025-69159","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/printo/vulnerability/wordpress-printo-theme-1-11-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69160","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:23.407","lastModified":"2026-06-17T14:45:15.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Gita <= 1.11 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Gita","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"gita","versions":[{"version":"n/a","lessThanOrEqual":"1.11","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:50.614139Z","id":"CVE-2025-69160","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/gita/vulnerability/wordpress-gita-theme-1-11-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69161","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:23.570","lastModified":"2026-06-17T17:16:40.267","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Snowy <= 1.13 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Snowy","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"snowy","versions":[{"version":"n/a","lessThanOrEqual":"1.13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:44.053203Z","id":"CVE-2025-69161","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/snowy/vulnerability/wordpress-snowy-theme-1-13-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69162","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:23.757","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Grecko <= 5.17 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Grecko","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"grecko","versions":[{"version":"n/a","lessThanOrEqual":"5.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:44.782216Z","id":"CVE-2025-69162","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/grecko/vulnerability/wordpress-grecko-theme-5-17-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69163","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.013","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in WineShop <= 3.17 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"WineShop","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"wineshop","versions":[{"version":"n/a","lessThanOrEqual":"3.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:38.944558Z","id":"CVE-2025-69163","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/wineshop/vulnerability/wordpress-wineshop-theme-3-17-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69165","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.173","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Choreo <= 1.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Choreo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"choreo","versions":[{"version":"n/a","lessThanOrEqual":"1.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:33.302337Z","id":"CVE-2025-69165","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/choreo/vulnerability/wordpress-choreo-theme-1-6-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69167","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.337","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Eros <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Eros","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"eros","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:17.466149Z","id":"CVE-2025-69167","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/eros/vulnerability/wordpress-eros-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69168","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.470","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Spike <= 1.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Spike","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"spike","versions":[{"version":"n/a","lessThanOrEqual":"1.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:23.194001Z","id":"CVE-2025-69168","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/spike/vulnerability/wordpress-spike-theme-1-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69171","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.610","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Orpheus","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"orpheus","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:37:20.430944Z","id":"CVE-2025-69171","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/orpheus/vulnerability/wordpress-orpheus-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69172","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.743","lastModified":"2026-06-17T15:16:39.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Resurs <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Resurs","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"resurs","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:26:18.444533Z","id":"CVE-2025-69172","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/resurs/vulnerability/wordpress-resurs-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69173","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:24.870","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Tipsy","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"tipsy","versions":[{"version":"n/a","lessThanOrEqual":"1.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:38:14.932978Z","id":"CVE-2025-69173","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/tipsy/vulnerability/wordpress-tipsy-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69176","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:25.003","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in ITactics <= 1.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"ITactics","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"itactics","versions":[{"version":"n/a","lessThanOrEqual":"1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:30:04.774326Z","id":"CVE-2025-69176","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/itactics/vulnerability/wordpress-itactics-theme-1-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69177","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:25.133","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"THEMELOGI","product":"Roneous","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"roneous","versions":[{"version":"n/a","lessThanOrEqual":"2.1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:29:55.830714Z","id":"CVE-2025-69177","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/roneous/vulnerability/wordpress-roneous-theme-2-1-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69178","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:25.267","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CactusThemes","product":"Truemag","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"truemag","versions":[{"version":"n/a","lessThanOrEqual":"4.3.14.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:29:50.304987Z","id":"CVE-2025-69178","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/truemag/vulnerability/wordpress-truemag-theme-4-3-14-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69179","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:25.407","lastModified":"2026-06-17T17:16:40.480","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Theme passion","product":"Support Ticket Management System","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"support_ticket","versions":[{"version":"n/a","lessThanOrEqual":"1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:48.499429Z","id":"CVE-2025-69179","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/support_ticket/vulnerability/wordpress-support-ticket-management-system-plugin-1-9-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-0057","sourceIdentifier":"security@android.com","published":"2026-06-17T13:19:25.657","lastModified":"2026-06-17T16:45:58.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:34:58.646744Z","id":"CVE-2026-0057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:17.0:-:*:*:*:*:*:*","matchCriteriaId":"E3D15FD9-304E-4270-81C7-C8D9024D457D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0064","sourceIdentifier":"security@android.com","published":"2026-06-17T13:19:25.947","lastModified":"2026-06-17T16:49:41.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@android.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:01:06.032562Z","id":"CVE-2026-0064","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:17.0:-:*:*:*:*:*:*","matchCriteriaId":"E3D15FD9-304E-4270-81C7-C8D9024D457D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10094","sourceIdentifier":"3DS.Information-Security@3ds.com","published":"2026-06-17T13:19:32.123","lastModified":"2026-06-17T16:22:46.753","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server."}],"affected":[{"source":"3DS.Information-Security@3ds.com","affectedData":[{"vendor":"Dassault Systèmes","product":"SOLIDWORKS Visualize","defaultStatus":"unaffected","versions":[{"version":"SOLIDWORKS Desktop Release 2024 SP0","lessThanOrEqual":"SOLIDWORKS Desktop Release 2024 SP5","versionType":"custom","status":"affected"},{"version":"SOLIDWORKS Desktop Release 2025 SP0","lessThanOrEqual":"SOLIDWORKS DesktopRelease 2025 SP5","versionType":"custom","status":"affected"},{"version":"SOLIDWORKS Desktop Release 2026 SP0","lessThanOrEqual":"SOLIDWORKS Desktop Release 2026 SP2.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:51:10.450016Z","id":"CVE-2026-10094","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-10094","source":"3DS.Information-Security@3ds.com"}]}},{"cve":{"id":"CVE-2026-10836","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-17T13:19:32.507","lastModified":"2026-06-17T16:18:00.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Password Manager","product":"Password Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"08/07/2025","versionType":"date","status":"affected"},{"version":"08/07/2025","versionType":"date","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:58:47.703092Z","id":"CVE-2026-10836","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-644"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-10837","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-17T13:19:32.693","lastModified":"2026-06-17T16:18:00.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Password Manager","product":"Password Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"08/07/2025","versionType":"date","status":"affected"},{"version":"08/07/2025","versionType":"date","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:58:11.611214Z","id":"CVE-2026-10837","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-10839","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-17T13:19:33.033","lastModified":"2026-06-17T16:18:00.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Password Manager","product":"Password Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"08/07/2025","versionType":"date","status":"affected"},{"version":"08/07/2025","versionType":"date","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:57:30.908194Z","id":"CVE-2026-10839","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-11857","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-06-17T13:19:33.650","lastModified":"2026-06-17T16:21:32.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local authenticated attacker can connect to the local named pipe, obtain the .NET Remoting endpoint, and send specially crafted serialized objects. Successful exploitation results in arbitrary code execution in the context of the update process with NT AUTHORITY\\SYSTEM privileges. Network-only exploitation is not possible and local host access with an authenticated user session is required."}],"affected":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","affectedData":[{"vendor":"Quanos Solutions GmbH","product":"SCHEMA ST4","defaultStatus":"affected","versions":[{"version":"SCHEMA ST4 on-premises, all versions","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:56:39.718410Z","id":"CVE-2026-11857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://r.sec-consult.com/quanos","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"}]}},{"cve":{"id":"CVE-2026-11858","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-06-17T13:19:33.807","lastModified":"2026-06-17T16:21:32.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation."}],"affected":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","affectedData":[{"vendor":"Quanos Solutions GmbH","product":"SCHEMA ST4","defaultStatus":"affected","versions":[{"version":"SCHEMA ST4 on-premises, all versions","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:56:14.233126Z","id":"CVE-2026-11858","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://r.sec-consult.com/quanos","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"}]}},{"cve":{"id":"CVE-2026-11975","sourceIdentifier":"596c5446-0ce5-4ba2-aa66-48b3b757a647","published":"2026-06-17T13:19:33.940","lastModified":"2026-06-17T17:16:41.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw()"}],"affected":[{"source":"596c5446-0ce5-4ba2-aa66-48b3b757a647","affectedData":[{"vendor":"simplcommerce","product":"SimplCommerce","defaultStatus":"affected","repo":"https://github.com/simplcommerce/SimplCommerce","versions":[{"version":"0","lessThan":"6142d3b5","versionType":"git","status":"affected","changes":[{"at":"6142d3b5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"596c5446-0ce5-4ba2-aa66-48b3b757a647","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:11.260904Z","id":"CVE-2026-11975","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"596c5446-0ce5-4ba2-aa66-48b3b757a647","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/simplcommerce/SimplCommerce/commit/6142d3b5147899e0edb41663ae20183878ab39f7","source":"596c5446-0ce5-4ba2-aa66-48b3b757a647"},{"url":"https://github.com/simplcommerce/SimplCommerce/pull/1151","source":"596c5446-0ce5-4ba2-aa66-48b3b757a647"}]}},{"cve":{"id":"CVE-2026-12115","sourceIdentifier":"security@wordfence.com","published":"2026-06-17T13:19:57.273","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Deserialization is triggered automatically upon the post-import redirect that renders the list table, and again when any item is opened for editing, requiring no additional navigation beyond the import action itself."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpcalc","product":"Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:36:27.607909Z","id":"CVE-2026-12115","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/counter-box/tags/2.0.13/classes/Admin/DBManager.php#L168","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/counter-box/tags/2.0.13/classes/Admin/ImporterExporter.php#L101","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/counter-box/tags/2.0.13/classes/Admin/ListTable.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/counter-box/tags/2.0.13/classes/Admin/Settings.php#L155","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3570995%40counter-box&new=3570995%40counter-box&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3498c871-9404-4d12-9609-16fecf218b30?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12165","sourceIdentifier":"security@wordfence.com","published":"2026-06-17T13:19:57.433","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the `RegistryUserRole` parameter. This is due to the plugin's admin menu being registered at the `edit_posts` capability level — granting Contributor-level users access to the plugin's admin pages and a valid `cg_admin` nonce — while the option-saving handler in `change-options-and-sizes.php` performs no `current_user_can()` capability check beyond `check_admin_referer('cg_admin')`, and the `RegistryUserRole` value is processed only through `sanitize_text_field()` and `htmlentities()` without restriction to an allowlist of permitted role names. This makes it possible for authenticated attackers, with author-level access and above, to overwrite the plugin's stored `RegistryUserRole` option with `administrator`, which the `cg_create_wp_user_from_google_user` function then reads back from the `contest_gal1ery_registry_and_login_options` database table without any allowlist validation and passes directly to `wp_update_user()`, effectively promoting a newly registered Google sign-in account to Administrator."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"contest-gallery","product":"Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"30.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:38:33.394545Z","id":"CVE-2026-12165","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/30.0.2/functions/google/cg-create-wp-user-from-google-user.php#L169","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/30.0.2/index.php#L407","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/30.0.2/v10/v10-admin/options/change-options-and-sizes.php#L1242","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contest-gallery/tags/30.0.2/v10/v10-admin/options/change-options-and-sizes.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3571733%40contest-gallery&new=3571733%40contest-gallery&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/69b909da-b1b0-4dab-916c-908511f6556f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12199","sourceIdentifier":"security@huntr.dev","published":"2026-06-17T13:19:57.573","lastModified":"2026-06-17T16:30:42.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (`/SHUTDOWN%20THE%20SERVER`) to terminate the process immediately via `os._exit(0)`. This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"nltk","product":"nltk/nltk","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:20:50.833183Z","id":"CVE-2026-12199","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://huntr.com/bounties/cee4ca6a-d17f-4746-abad-c68119633d37","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/cee4ca6a-d17f-4746-abad-c68119633d37","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12256","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:19:57.723","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor PHP Object Injection in Avada <= 3.15.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeFusion","product":"Avada","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"avada","versions":[{"version":"n/a","lessThanOrEqual":"3.15.3","versionType":"custom","status":"affected","changes":[{"at":"3.15.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:29:03.591684Z","id":"CVE-2026-12256","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-theme-3-15-3-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-12360","sourceIdentifier":"security@wordfence.com","published":"2026-06-17T13:19:58.577","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However, meta_query row values within filtered_query are not sanitized before being merged into SQL construction. This makes it possible for unauthenticated attackers to perform time-based or boolean blind SQL injection by appending a malicious meta_query value to a Load More AJAX request captured from any public Listing Grid page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"Crocoblock","product":"JetEngine","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.8.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:38:03.881321Z","id":"CVE-2026-12360","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://crocoblock.com/changelog/?plugin=jet-engine","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jet-engine/trunk/includes/components/listings/ajax-handlers.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jet-engine/trunk/includes/components/listings/ajax-handlers.php#L256","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jet-engine/trunk/includes/components/listings/ajax-handlers.php#L328","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jet-engine/trunk/includes/components/query-builder/queries/traits/meta-query.php#L98","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd839b20-69d1-4cad-80fc-3e7b9940fd30?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12450","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:00.383","lastModified":"2026-06-17T15:21:40.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:52:26.453972Z","id":"CVE-2026-12450","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/514531776","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12453","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:00.793","lastModified":"2026-06-17T15:21:33.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:55:57.685550Z","id":"CVE-2026-12453","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/516448843","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12456","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:01.197","lastModified":"2026-06-17T15:20:56.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:56:36.691920Z","id":"CVE-2026-12456","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517124587","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12457","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:02.417","lastModified":"2026-06-17T15:20:51.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:14:28.473162Z","id":"CVE-2026-12457","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517153117","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12458","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:02.560","lastModified":"2026-06-17T15:20:47.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:49:44.373800Z","id":"CVE-2026-12458","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517258337","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12459","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:02.857","lastModified":"2026-06-17T15:20:43.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:57:17.692471Z","id":"CVE-2026-12459","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517406035","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12460","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-17T13:20:03.030","lastModified":"2026-06-17T15:19:16.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.155","lessThan":"149.0.7827.155","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:15:41.644365Z","id":"CVE-2026-12460","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.155","matchCriteriaId":"AB45CEFD-10D5-4278-B9AA-FA37CC450864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517484284","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-22325","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:06.133","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AxiomThemes","product":"Promo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"promo","versions":[{"version":"n/a","lessThanOrEqual":"1.3.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:41:03.310766Z","id":"CVE-2026-22325","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/promo/vulnerability/wordpress-promo-theme-1-3-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22326","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:06.263","lastModified":"2026-06-17T17:16:43.797","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"AxiomThemes","product":"Reprizo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"reprizo","versions":[{"version":"n/a","lessThanOrEqual":"1.0.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:41.503891Z","id":"CVE-2026-22326","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/reprizo/vulnerability/wordpress-reprizo-theme-1-0-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22327","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:06.417","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Zozothemes","product":"Restaurt","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"restaurt","versions":[{"version":"n/a","lessThanOrEqual":"1.0.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:36:40.974761Z","id":"CVE-2026-22327","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/restaurt/vulnerability/wordpress-restaurt-theme-1-0-4-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22328","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:06.593","lastModified":"2026-06-17T15:16:44.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VamTam","product":"Auto Repair","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"auto-repair","versions":[{"version":"n/a","lessThanOrEqual":"22.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:24:11.738700Z","id":"CVE-2026-22328","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/auto-repair/vulnerability/wordpress-auto-repair-theme-22-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22329","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:06.903","lastModified":"2026-06-17T17:16:43.900","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Skillate","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"skillate","versions":[{"version":"n/a","lessThanOrEqual":"1.2.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:40.727677Z","id":"CVE-2026-22329","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/skillate/vulnerability/wordpress-skillate-theme-1-2-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22330","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:07.807","lastModified":"2026-06-17T17:16:44.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Right Way <= 4.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Right Way","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"rightway","versions":[{"version":"n/a","lessThanOrEqual":"4.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:57.920953Z","id":"CVE-2026-22330","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/rightway/vulnerability/wordpress-right-way-theme-4-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22331","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:07.940","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"AutoParts","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"autoparts","versions":[{"version":"n/a","lessThanOrEqual":"1.5.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:40:15.351532Z","id":"CVE-2026-22331","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/autoparts/vulnerability/wordpress-autoparts-theme-1-5-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22332","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.067","lastModified":"2026-06-17T17:16:44.110","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeum","product":"Tutor LMS Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"tutor-pro","versions":[{"version":"n/a","lessThanOrEqual":"3.9.6","versionType":"custom","status":"affected","changes":[{"at":"3.9.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:37:33.536941Z","id":"CVE-2026-22332","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/tutor-pro/vulnerability/wordpress-tutor-lms-pro-plugin-3-8-3-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22334","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.200","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPos","product":"Woocommerce Book Price","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woo-book-price","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:34:10.179226Z","id":"CVE-2026-22334","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woo-book-price/vulnerability/wordpress-woocommerce-book-price-plugin-1-3-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22335","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.360","lastModified":"2026-06-17T15:16:44.803","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WC Lovers.","product":"WooCommerce Frontend Manager – Ultimate","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wc-frontend-manager-ultimate","versions":[{"version":"n/a","lessThan":"6.7.7","versionType":"custom","status":"affected","changes":[{"at":"6.7.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:27:39.401084Z","id":"CVE-2026-22335","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wc-frontend-manager-ultimate/vulnerability/wordpress-woocommerce-frontend-manager-ultimate-plugin-6-7-6-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22338","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.490","lastModified":"2026-06-17T17:16:44.217","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"EcoBlue","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"ecoblue","versions":[{"version":"n/a","lessThanOrEqual":"1.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:37.484726Z","id":"CVE-2026-22338","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/ecoblue/vulnerability/wordpress-ecoblue-theme-1-15-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22339","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.720","lastModified":"2026-06-17T17:16:44.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jobster Marketplace","product":"WPJobster","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"wpjobster","versions":[{"version":"n/a","lessThanOrEqual":"6.3.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:31.350557Z","id":"CVE-2026-22339","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/wpjobster/vulnerability/wordpress-wpjobster-theme-6-3-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22340","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.863","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jobster Marketplace","product":"WPJobster","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"wpjobster","versions":[{"version":"n/a","lessThanOrEqual":"6.3.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:38:12.778755Z","id":"CVE-2026-22340","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/wpjobster/vulnerability/wordpress-wpjobster-theme-6-3-5-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22342","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:08.990","lastModified":"2026-06-17T17:16:44.417","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PremiumPress Limited.","product":"WordPress Dating Theme","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"DA10","versions":[{"version":"n/a","lessThanOrEqual":"11.2.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:39.320882Z","id":"CVE-2026-22342","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/da10/vulnerability/wordpress-wordpress-dating-theme-theme-11-2-0-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-22343","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:09.130","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PremiumPress Limited.","product":"WordPress Dating Theme","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"DA10","versions":[{"version":"n/a","lessThanOrEqual":"11.2.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:33:35.931611Z","id":"CVE-2026-22343","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/da10/vulnerability/wordpress-wordpress-dating-theme-theme-11-2-0-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-24575","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:10.663","lastModified":"2026-06-17T15:16:44.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WishList Member","product":"WishList Member X","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wishlist-member-x","versions":[{"version":"n/a","lessThanOrEqual":"3.29.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:28:05.685287Z","id":"CVE-2026-24575","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wishlist-member-x/vulnerability/wordpress-wishlist-member-x-plugin-3-29-0-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-24610","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:10.790","lastModified":"2026-06-17T17:16:44.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPMet","product":"MetForm Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"metform-pro","versions":[{"version":"n/a","lessThanOrEqual":"3.9.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:19.876902Z","id":"CVE-2026-24610","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/metform-pro/vulnerability/wordpress-metform-pro-plugin-3-9-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-24611","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:10.920","lastModified":"2026-06-17T17:16:44.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPMet","product":"MetForm Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"metform-pro","versions":[{"version":"n/a","lessThanOrEqual":"3.9.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:03.357113Z","id":"CVE-2026-24611","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/metform-pro/vulnerability/wordpress-metform-pro-plugin-3-9-1-broken-access-control-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-25439","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:11.343","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"fs-code","product":"Booknetic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"booknetic","versions":[{"version":"n/a","lessThanOrEqual":"4.8.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:37:17.336811Z","id":"CVE-2026-25439","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/booknetic/vulnerability/wordpress-booknetic-plugin-4-8-5-account-takeover-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-25446","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:11.473","lastModified":"2026-06-17T17:16:44.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WishList Products, LLC.","product":"WishList Member X","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wishlist-member-x","versions":[{"version":"n/a","lessThanOrEqual":"3.29.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:36.080780Z","id":"CVE-2026-25446","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wishlist-member-x/vulnerability/wordpress-wishlist-member-x-plugin-3-29-0-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-25470","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:11.603","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.\n\nThis issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ACPT","product":"ACPT (Pro) - Custom Post Types Plugin for WordPress","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"2.0.47","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:23:47.083037Z","id":"CVE-2026-25470","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/advanced-custom-post-type/vulnerability/wordpress-acpt-pro-custom-post-types-plugin-for-wordpress-plugin-2-0-47-remote-code-execution-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27041","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:12.477","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Studio Keren Aga LTD.","product":"Unlimited Elements for Elementor (Premium)","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"unlimited-elements-for-elementor-premium","versions":[{"version":"n/a","lessThanOrEqual":"2.0.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:33:12.844092Z","id":"CVE-2026-27041","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/unlimited-elements-for-elementor-premium/vulnerability/wordpress-unlimited-elements-for-elementor-premium-plugin-1-4-72-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27395","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:12.620","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Schiocco","product":"Support Board","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"supportboard","versions":[{"version":"n/a","lessThan":"3.8.9","versionType":"custom","status":"affected","changes":[{"at":"3.8.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:55.884802Z","id":"CVE-2026-27395","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/supportboard/vulnerability/wordpress-support-board-plugin-3-8-9-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27400","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:12.753","lastModified":"2026-06-17T15:16:45.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Ovatheme","product":"BookPro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ovabookpro","versions":[{"version":"n/a","lessThanOrEqual":"1.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:28:42.249701Z","id":"CVE-2026-27400","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ovabookpro/vulnerability/wordpress-bookpro-plugin-1-1-0-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27410","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:12.937","lastModified":"2026-06-17T17:16:44.923","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VeronaLabs","product":"Slimstat Analytics","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-slimstat","versions":[{"version":"n/a","lessThan":"5.4.0","versionType":"custom","status":"affected","changes":[{"at":"5.4.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:21:26.384896Z","id":"CVE-2026-27410","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-slimstat/vulnerability/wordpress-slimstat-analytics-plugin-5-4-0-deserialization-of-untrusted-data-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-27429","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:13.113","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"BoldThemes","product":"Nifty","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"nifty","versions":[{"version":"n/a","lessThanOrEqual":"1.4.1","versionType":"custom","status":"affected","changes":[{"at":"1.4.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:49.597632Z","id":"CVE-2026-27429","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/nifty/vulnerability/wordpress-nifty-theme-1-4-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-28575","sourceIdentifier":"security@android.com","published":"2026-06-17T13:20:15.237","lastModified":"2026-06-17T16:43:55.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@android.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:01:34.346486Z","id":"CVE-2026-28575","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:17.0:-:*:*:*:*:*:*","matchCriteriaId":"E3D15FD9-304E-4270-81C7-C8D9024D457D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28576","sourceIdentifier":"security@android.com","published":"2026-06-17T13:20:15.357","lastModified":"2026-06-17T16:43:32.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Android","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@android.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:41:25.225645Z","id":"CVE-2026-28576","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:17.0:-:*:*:*:*:*:*","matchCriteriaId":"E3D15FD9-304E-4270-81C7-C8D9024D457D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28587","sourceIdentifier":"security@android.com","published":"2026-06-17T13:20:15.490","lastModified":"2026-06-17T16:43:18.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"17","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@android.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:40:41.265751Z","id":"CVE-2026-28587","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:17.0:-:*:*:*:*:*:*","matchCriteriaId":"E3D15FD9-304E-4270-81C7-C8D9024D457D"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-17","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2604","sourceIdentifier":"secalert@redhat.com","published":"2026-06-17T13:20:15.937","lastModified":"2026-06-17T16:14:51.680","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"GNOME","product":"Evolution Data Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.59.3","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"evolution-data-server","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"evolution-data-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"evolution-data-server","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"evolution-data-server","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"evolution-data-server","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:46:36.218759Z","id":"CVE-2026-2604","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-2604","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440301","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627","source":"secalert@redhat.com"},{"url":"https://lists.debian.org/debian-lts-announce/2026/03/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gitlab.gnome.org/GNOME/evolution-data-server/-/work_items/627","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32966","sourceIdentifier":"security@apache.org","published":"2026-06-17T13:20:16.097","lastModified":"2026-06-17T17:16:45.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.4.2.\n\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache DolphinScheduler","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.dolphinscheduler:dolphinscheduler-api","versions":[{"version":"0","lessThan":"3.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:34:00.767997Z","id":"CVE-2026-32966","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"84439C66-A7F8-45F5-8A44-C59C72B35BE8"}]}]}],"references":[{"url":"https://lists.apache.org/thread/4f1fojpj26z9y5nd1ko845gcknpn75g2","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-32967","sourceIdentifier":"security@apache.org","published":"2026-06-17T13:20:16.233","lastModified":"2026-06-17T17:16:45.383","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.4.2.\n\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache DolphinScheduler","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.dolphinscheduler:dolphinscheduler-api","versions":[{"version":"0","lessThan":"3.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:36:08.328619Z","id":"CVE-2026-32967","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"84439C66-A7F8-45F5-8A44-C59C72B35BE8"}]}]}],"references":[{"url":"https://lists.apache.org/thread/5o5jrg1snkmrto96wg015wgbh7hyckzc","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/17/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-34888","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:17.493","lastModified":"2026-06-17T17:16:45.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Bricksforge","product":"Bricksforge","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"bricksforge","versions":[{"version":"n/a","lessThanOrEqual":"3.1.8.4","versionType":"custom","status":"affected","changes":[{"at":"3.1.8.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:55.892957Z","id":"CVE-2026-34888","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/bricksforge/vulnerability/wordpress-bricksforge-plugin-3-1-8-4-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-34893","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:17.620","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WebGeniusLab","product":"Thegov Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"thegov-core","versions":[{"version":"n/a","lessThan":"2.0.23","versionType":"custom","status":"affected","changes":[{"at":"2.0.23","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:41.396536Z","id":"CVE-2026-34893","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/thegov-core/vulnerability/wordpress-thegov-core-plugin-2-0-23-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-34894","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:17.760","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WebGeniusLab","product":"Integrio Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"integrio-core","versions":[{"version":"n/a","lessThan":"1.2.8","versionType":"custom","status":"affected","changes":[{"at":"1.2.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:36.068532Z","id":"CVE-2026-34894","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/integrio-core/vulnerability/wordpress-integrio-core-plugin-1-2-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-34895","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:17.910","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WebGeniusLab","product":"Softlab Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"softlab-core","versions":[{"version":"n/a","lessThan":"1.2.11","versionType":"custom","status":"affected","changes":[{"at":"1.2.11","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:29.482566Z","id":"CVE-2026-34895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/softlab-core/vulnerability/wordpress-softlab-core-plugin-1-2-11-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39433","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:18.053","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"mojoomla","product":"WPAMS","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"apartment-management","versions":[{"version":"n/a","lessThan":"49.5.3","versionType":"custom","status":"affected","changes":[{"at":"49.5.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:21.442999Z","id":"CVE-2026-39433","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/apartment-management/vulnerability/wordpress-wpams-plugin-49-5-3-arbitrary-content-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39438","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:18.193","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Emraan Cheema","product":"ListingPro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"listingpro-plugin","versions":[{"version":"n/a","lessThanOrEqual":"2.9.10","versionType":"custom","status":"affected","changes":[{"at":"2.9.11","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:14.556488Z","id":"CVE-2026-39438","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/listingpro-plugin/vulnerability/wordpress-listingpro-plugin-2-9-10-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39443","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:18.327","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PressLayouts","product":"EmallShop","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"emallshop","versions":[{"version":"n/a","lessThanOrEqual":"2.4.21","versionType":"custom","status":"affected","changes":[{"at":"2.4.22","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:28:07.285170Z","id":"CVE-2026-39443","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/emallshop/vulnerability/wordpress-emallshop-theme-2-4-21-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39446","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:18.463","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PressLayouts","product":"Kapee","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"kapee","versions":[{"version":"n/a","lessThan":"1.7.0","versionType":"custom","status":"affected","changes":[{"at":"1.7.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:27:57.835812Z","id":"CVE-2026-39446","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/kapee/vulnerability/wordpress-kapee-theme-1-7-0-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39522","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:18.597","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Solene <= 3.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Solene","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"solene","versions":[{"version":"n/a","lessThanOrEqual":"3.4","versionType":"custom","status":"affected","changes":[{"at":"3.4.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:27:52.373708Z","id":"CVE-2026-39522","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/solene/vulnerability/wordpress-solene-theme-3-4-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39529","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:18.777","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX Group","product":"Elementra","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"elementra","versions":[{"version":"n/a","lessThanOrEqual":"1.0.9","versionType":"custom","status":"affected","changes":[{"at":"1.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:27:44.421348Z","id":"CVE-2026-39529","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/elementra/vulnerability/wordpress-elementra-theme-1-0-9-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39537","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:19.210","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Mikado Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"mikado-core","versions":[{"version":"n/a","lessThanOrEqual":"1.6","versionType":"custom","status":"affected","changes":[{"at":"1.7.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:36:17.401256Z","id":"CVE-2026-39537","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/mikado-core/vulnerability/wordpress-mikado-core-plugin-1-6-local-file-inclusion-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39539","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:19.353","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Alloggio - Hotel Booking","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"alloggio","versions":[{"version":"n/a","lessThanOrEqual":"2.1.2","versionType":"custom","status":"affected","changes":[{"at":"2.1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:27:30.419596Z","id":"CVE-2026-39539","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/alloggio/vulnerability/wordpress-alloggio-hotel-booking-theme-2-1-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39545","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:19.490","lastModified":"2026-06-17T17:16:50.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Zermatt","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"zermatt","versions":[{"version":"n/a","lessThanOrEqual":"1.6.1","versionType":"custom","status":"affected","changes":[{"at":"1.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:33.802146Z","id":"CVE-2026-39545","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/zermatt/vulnerability/wordpress-zermatt-theme-1-6-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39546","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:19.613","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Techspawn","product":"MultiLoca","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woocommerce-multi-locations-inventory-management","versions":[{"version":"n/a","lessThanOrEqual":"4.2.15","versionType":"custom","status":"affected","changes":[{"at":"4.2.16","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:36:07.585732Z","id":"CVE-2026-39546","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woocommerce-multi-locations-inventory-management/vulnerability/wordpress-multiloca-plugin-4-2-15-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39547","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:19.760","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Getaway < 1.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Getaway","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"getaway","versions":[{"version":"n/a","lessThan":"1.8","versionType":"custom","status":"affected","changes":[{"at":"1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:27:12.099867Z","id":"CVE-2026-39547","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/getaway/vulnerability/wordpress-getaway-theme-1-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39548","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:19.897","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Sneeit","product":"MagOne","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"magone","versions":[{"version":"n/a","lessThanOrEqual":"9.0","versionType":"custom","status":"affected","changes":[{"at":"9.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:27:04.534025Z","id":"CVE-2026-39548","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/magone/vulnerability/wordpress-magone-theme-9-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39549","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.043","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Aperitif","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"aperitif","versions":[{"version":"n/a","lessThanOrEqual":"1.5","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:59.624436Z","id":"CVE-2026-39549","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/aperitif/vulnerability/wordpress-aperitif-theme-1-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39554","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.173","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Fidalgo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"fidalgo","versions":[{"version":"n/a","lessThanOrEqual":"1.2.2","versionType":"custom","status":"affected","changes":[{"at":"1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:52.543663Z","id":"CVE-2026-39554","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/fidalgo/vulnerability/wordpress-fidalgo-theme-1-2-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39557","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.310","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"NeoBeat","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"neobeat","versions":[{"version":"n/a","lessThanOrEqual":"1.7","versionType":"custom","status":"affected","changes":[{"at":"1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:43.173380Z","id":"CVE-2026-39557","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/neobeat/vulnerability/wordpress-neobeat-theme-1-7-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39558","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.443","lastModified":"2026-06-17T15:16:49.197","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Malmö <= 2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Malmö","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"malmo","versions":[{"version":"n/a","lessThanOrEqual":"2.2","versionType":"custom","status":"affected","changes":[{"at":"2.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:29:04.394603Z","id":"CVE-2026-39558","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/malmo/vulnerability/wordpress-malmoe-theme-2-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39567","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.567","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Santé","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"sante","versions":[{"version":"n/a","lessThanOrEqual":"1.5.1","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:36.267150Z","id":"CVE-2026-39567","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/sante/vulnerability/wordpress-sante-theme-1-5-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39568","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.703","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Mr. SEO","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"mrseo","versions":[{"version":"n/a","lessThanOrEqual":"2.0","versionType":"custom","status":"affected","changes":[{"at":"2.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:28.226096Z","id":"CVE-2026-39568","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/mrseo/vulnerability/wordpress-mr-seo-theme-2-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39573","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.840","lastModified":"2026-06-17T17:16:50.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Mildhill","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"mildhill","versions":[{"version":"n/a","lessThanOrEqual":"1.5","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:24:51.586413Z","id":"CVE-2026-39573","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/mildhill/vulnerability/wordpress-mildhill-theme-1-5-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39577","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:20.980","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Playroom","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"playroom","versions":[{"version":"n/a","lessThanOrEqual":"1.4.1","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:17.990593Z","id":"CVE-2026-39577","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/playroom/vulnerability/wordpress-playroom-theme-1-4-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39578","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.123","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Valiance <= 1.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Valiance","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"valiance","versions":[{"version":"n/a","lessThanOrEqual":"1.2","versionType":"custom","status":"affected","changes":[{"at":"1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:12.911025Z","id":"CVE-2026-39578","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/valiance/vulnerability/wordpress-valiance-theme-1-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39580","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.263","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Micdrop","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"micdrop","versions":[{"version":"n/a","lessThanOrEqual":"1.3.1","versionType":"custom","status":"affected","changes":[{"at":"1.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:26:04.295669Z","id":"CVE-2026-39580","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/micdrop/vulnerability/wordpress-micdrop-theme-1-3-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39582","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.397","lastModified":"2026-06-17T17:16:50.420","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"xtemos","product":"Hitek","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"xts-hitek","versions":[{"version":"n/a","lessThan":"1.8.3","versionType":"custom","status":"affected","changes":[{"at":"1.8.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:24:45.585277Z","id":"CVE-2026-39582","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/xts-hitek/vulnerability/wordpress-hitek-theme-1-8-3-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39589","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.523","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"A WP Life","product":"Webenvo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"webenvo","versions":[{"version":"n/a","lessThanOrEqual":"0.0.6","versionType":"custom","status":"affected","changes":[{"at":"0.0.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:34:22.731723Z","id":"CVE-2026-39589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/webenvo/vulnerability/wordpress-webenvo-theme-0-0-6-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39595","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.660","lastModified":"2026-06-17T17:16:50.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Author Broken Access Control in W3 Total Cache <= 2.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"BoldGrid","product":"W3 Total Cache","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"w3-total-cache","versions":[{"version":"n/a","lessThanOrEqual":"2.9.1","versionType":"custom","status":"affected","changes":[{"at":"2.9.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:34.496543Z","id":"CVE-2026-39595","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/w3-total-cache/vulnerability/wordpress-w3-total-cache-plugin-2-9-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39596","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.793","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Creative Themes","product":"Blocksy Companion Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"blocksy-companion-pro","versions":[{"version":"n/a","lessThan":"2.1.29","versionType":"custom","status":"affected","changes":[{"at":"2.1.29","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:32:51.833924Z","id":"CVE-2026-39596","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/blocksy-companion-pro/vulnerability/wordpress-blocksy-companion-pro-plugin-2-1-29-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39597","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:21.953","lastModified":"2026-06-17T15:16:49.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPZOOM","product":"WPZOOM Addons for Elementor","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpzoom-elementor-addons","versions":[{"version":"n/a","lessThanOrEqual":"1.3.4","versionType":"custom","status":"affected","changes":[{"at":"1.3.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:26:47.520248Z","id":"CVE-2026-39597","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpzoom-elementor-addons/vulnerability/wordpress-wpzoom-addons-for-elementor-plugin-1-3-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39598","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:22.090","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server.\n\nThis issue affects Academy LMS Pro: from n/a before 3.5.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Kodezen LLC","product":"Academy LMS Pro","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThan":"3.5.2","versionType":"custom","status":"affected","changes":[{"at":"3.5.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:23:54.817628Z","id":"CVE-2026-39598","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/academy-pro/vulnerability/wordpress-academy-lms-pro-plugin-3-5-2-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40721","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:34.917","lastModified":"2026-06-17T17:16:51.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"BdThemes","product":"Element Pack Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"bdthemes-element-pack","versions":[{"version":"n/a","lessThanOrEqual":"9.0.6","versionType":"custom","status":"affected","changes":[{"at":"9.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:24:40.888877Z","id":"CVE-2026-40721","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/bdthemes-element-pack/vulnerability/wordpress-element-pack-pro-plugin-9-0-6-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40722","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.050","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Yoast SEO Premium: from n/a through 26.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Yoast BV","product":"Yoast SEO Premium","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"26.6","versionType":"custom","status":"affected","changes":[{"at":"26.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:23:38.389863Z","id":"CVE-2026-40722","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wordpress-seo-premium/vulnerability/wordpress-yoast-seo-premium-plugin-26-6-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40723","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.190","lastModified":"2026-06-17T17:16:51.433","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Bricks","product":"Bricks Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"bricks","versions":[{"version":"n/a","lessThanOrEqual":"2.1.4","versionType":"custom","status":"affected","changes":[{"at":"2.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:24:35.578090Z","id":"CVE-2026-40723","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/bricks/vulnerability/wordpress-bricks-builder-theme-2-1-4-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40724","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.310","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Client Portal Ltd.","product":"Client Portal (Pro)","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"leco-client-portal","versions":[{"version":"n/a","lessThanOrEqual":"5.6.2","versionType":"custom","status":"affected","changes":[{"at":"5.6.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:45:59.345660Z","id":"CVE-2026-40724","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/leco-client-portal/vulnerability/wordpress-client-portal-pro-plugin-5-6-2-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40725","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.437","lastModified":"2026-06-17T17:16:51.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Barn2 Media Ltd","product":"WooCommerce Product Filters","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woocommerce-product-filters","versions":[{"version":"n/a","lessThan":"2.0.6","versionType":"custom","status":"affected","changes":[{"at":"2.0.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:43:21.766830Z","id":"CVE-2026-40725","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woocommerce-product-filters/vulnerability/wordpress-woocommerce-product-filters-plugin-2-0-6-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40726","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.560","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeGrill","product":"User Registration Stripe","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"user-registration-stripe","versions":[{"version":"n/a","lessThanOrEqual":"1.3.14","versionType":"custom","status":"affected","changes":[{"at":"1.3.15","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:32:29.749096Z","id":"CVE-2026-40726","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/user-registration-stripe/vulnerability/wordpress-user-registration-stripe-plugin-1-3-14-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40731","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.700","lastModified":"2026-06-17T15:16:49.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"ChapterOne","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"chapterone","versions":[{"version":"n/a","lessThanOrEqual":"1.7","versionType":"custom","status":"affected","changes":[{"at":"1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:31:45.444388Z","id":"CVE-2026-40731","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/chapterone/vulnerability/wordpress-chapterone-theme-1-7-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40735","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.823","lastModified":"2026-06-17T17:16:51.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Reina <= 2.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Reina","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"reina","versions":[{"version":"n/a","lessThanOrEqual":"2.1","versionType":"custom","status":"affected","changes":[{"at":"2.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:24:30.381144Z","id":"CVE-2026-40735","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/reina/vulnerability/wordpress-reina-theme-2-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40736","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:35.943","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Laurits","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"laurits","versions":[{"version":"n/a","lessThanOrEqual":"1.5.1","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:58.161333Z","id":"CVE-2026-40736","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/laurits/vulnerability/wordpress-laurits-theme-1-5-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40739","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.080","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"LuxeDrive","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"luxedrive","versions":[{"version":"n/a","lessThanOrEqual":"1.4","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:52.030979Z","id":"CVE-2026-40739","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/luxedrive/vulnerability/wordpress-luxedrive-theme-1-4-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40746","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.213","lastModified":"2026-06-17T17:16:51.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themagnifico52","product":"Restaurant Zone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"restaurant-zone","versions":[{"version":"n/a","lessThanOrEqual":"0.7.8","versionType":"custom","status":"affected","changes":[{"at":"0.7.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:48.566909Z","id":"CVE-2026-40746","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/restaurant-zone/vulnerability/wordpress-restaurant-zone-theme-0-7-8-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40747","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.337","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themagnifico52","product":"Ecommerce Zone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"ecommerce-zone","versions":[{"version":"n/a","lessThanOrEqual":"0.9.7","versionType":"custom","status":"affected","changes":[{"at":"0.9.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:33:16.215693Z","id":"CVE-2026-40747","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/ecommerce-zone/vulnerability/wordpress-ecommerce-zone-theme-0-9-7-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40748","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.473","lastModified":"2026-06-17T17:16:51.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themagnifico52","product":"Kids Gift Shop","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"kids-gift-shop","versions":[{"version":"n/a","lessThanOrEqual":"0.5.4","versionType":"custom","status":"affected","changes":[{"at":"0.5.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:31.152817Z","id":"CVE-2026-40748","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/kids-gift-shop/vulnerability/wordpress-kids-gift-shop-theme-0-5-4-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40749","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.593","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"themagnifico52","product":"Charity Zone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"charity-zone","versions":[{"version":"n/a","lessThanOrEqual":"1.1.1","versionType":"custom","status":"affected","changes":[{"at":"1.1.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:31:57.427680Z","id":"CVE-2026-40749","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/charity-zone/vulnerability/wordpress-charity-zone-theme-1-1-1-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40751","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.730","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Ashtanga","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"ashtanga","versions":[{"version":"n/a","lessThanOrEqual":"1.2","versionType":"custom","status":"affected","changes":[{"at":"1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:47.308582Z","id":"CVE-2026-40751","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/ashtanga/vulnerability/wordpress-ashtanga-theme-1-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40753","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.867","lastModified":"2026-06-17T15:16:50.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"EasyMeals","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"easymeals","versions":[{"version":"n/a","lessThanOrEqual":"1.5.1","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:35:23.168753Z","id":"CVE-2026-40753","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/easymeals/vulnerability/wordpress-easymeals-theme-1-5-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40754","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:36.993","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Roisin <= 1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Roisin","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"roisin","versions":[{"version":"n/a","lessThanOrEqual":"1.4","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:40.667983Z","id":"CVE-2026-40754","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/roisin/vulnerability/wordpress-roisin-theme-1-4-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40755","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.127","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in TechLink <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"TechLink","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"techlink","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected","changes":[{"at":"1.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:34.261175Z","id":"CVE-2026-40755","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/techlink/vulnerability/wordpress-techlink-theme-1-3-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40758","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.287","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Léonie","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"lonie","versions":[{"version":"n/a","lessThanOrEqual":"1.2.1","versionType":"custom","status":"affected","changes":[{"at":"1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:23.287901Z","id":"CVE-2026-40758","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/lonie/vulnerability/wordpress-leonie-theme-1-2-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40759","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.417","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Esmée <= 1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Esmée","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"esme","versions":[{"version":"n/a","lessThanOrEqual":"1.4","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:15.340780Z","id":"CVE-2026-40759","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/esme/vulnerability/wordpress-esmee-theme-1-4-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40760","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.547","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Behold <= 1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Behold","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"behold","versions":[{"version":"n/a","lessThanOrEqual":"1.5","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:25:03.670398Z","id":"CVE-2026-40760","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/behold/vulnerability/wordpress-behold-theme-1-5-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40761","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.687","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Valeska","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"valeska","versions":[{"version":"n/a","lessThanOrEqual":"1.2.2","versionType":"custom","status":"affected","changes":[{"at":"1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:24:57.536770Z","id":"CVE-2026-40761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/valeska/vulnerability/wordpress-valeska-theme-1-2-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40765","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.840","lastModified":"2026-06-17T17:16:52.273","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"collectchat","product":"collectchat","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"collectchat","versions":[{"version":"n/a","lessThanOrEqual":"2.4.9","versionType":"custom","status":"affected","changes":[{"at":"2.5.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:36.432613Z","id":"CVE-2026-40765","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/collectchat/vulnerability/wordpress-collectchat-plugin-2-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40768","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:37.960","lastModified":"2026-06-17T17:16:52.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Dimitri Grassi","product":"Salon booking system","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"salon-booking-system","versions":[{"version":"n/a","lessThanOrEqual":"10.30.24","versionType":"custom","status":"affected","changes":[{"at":"10.30.25","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:55.928052Z","id":"CVE-2026-40768","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/salon-booking-system/vulnerability/wordpress-salon-booking-system-plugin-10-30-24-insecure-direct-object-references-idor-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40783","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:38.090","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Creative Themes","product":"Blocksy Companion Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"blocksy-companion-pro","versions":[{"version":"n/a","lessThanOrEqual":"2.1.37","versionType":"custom","status":"affected","changes":[{"at":"2.1.38","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:31:22.614708Z","id":"CVE-2026-40783","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/blocksy-companion-pro/vulnerability/wordpress-blocksy-companion-pro-plugin-2-1-37-remote-code-execution-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-41280","sourceIdentifier":"security@apache.org","published":"2026-06-17T13:20:38.223","lastModified":"2026-06-17T15:06:43.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.2. \n\nUsers are recommended to upgrade to version 3.4.2, which fixes this issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache DolphinScheduler","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.dolphinscheduler:dolphinscheduler-api","versions":[{"version":"0","lessThan":"3.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T11:05:58.721556Z","id":"CVE-2026-41280","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"84439C66-A7F8-45F5-8A44-C59C72B35BE8"}]}]}],"references":[{"url":"https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b4nmrtvw","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/17/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-41557","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:38.410","lastModified":"2026-06-17T17:16:52.760","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PressLayouts","product":"Kapee","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"kapee","versions":[{"version":"n/a","lessThan":"1.7.1","versionType":"custom","status":"affected","changes":[{"at":"1.7.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:32.539957Z","id":"CVE-2026-41557","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/kapee/vulnerability/wordpress-kapee-theme-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-42357","sourceIdentifier":"security@apache.org","published":"2026-06-17T13:20:39.810","lastModified":"2026-06-17T17:16:53.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.2.\n\n\nUsers are recommended to upgrade to version 3.4.2, which fixes this issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache DolphinScheduler","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.dolphinscheduler:dolphinscheduler-api","versions":[{"version":"0","lessThan":"3.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:35:00.281861Z","id":"CVE-2026-42357","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"84439C66-A7F8-45F5-8A44-C59C72B35BE8"}]}]}],"references":[{"url":"https://lists.apache.org/thread/74l2rrz32w2chn7vz64313gk7ox5wjtr","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/17/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-42380","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:39.933","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"jwsthemes","product":"AI Lab","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"ailab","versions":[{"version":"n/a","lessThan":"5.4.2","versionType":"custom","status":"affected","changes":[{"at":"5.4.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:19:57.103063Z","id":"CVE-2026-42380","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/ailab/vulnerability/wordpress-ai-lab-theme-5-4-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-42385","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:40.067","lastModified":"2026-06-17T15:16:50.517","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cozmoslabs","product":"Profile Builder Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"profile-builder-pro","versions":[{"version":"n/a","lessThanOrEqual":"3.15.0","versionType":"custom","status":"affected","changes":[{"at":"3.15.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:36:06.593500Z","id":"CVE-2026-42385","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/profile-builder-pro/vulnerability/wordpress-profile-builder-pro-plugin-3-15-0-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-42629","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:40.287","lastModified":"2026-06-17T17:16:53.277","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Powerpackelements","product":"PowerPack Pro for Elementor","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"powerpack-elements","versions":[{"version":"n/a","lessThan":"v2.13.0","versionType":"custom","status":"affected","changes":[{"at":"2.13.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:32.672262Z","id":"CVE-2026-42629","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/powerpack-elements/vulnerability/wordpress-powerpack-pro-for-elementor-plugin-v2-13-0-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-45436","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:40.863","lastModified":"2026-06-17T17:17:01.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Rain-Task Ltd.","product":"WPBakery Page Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"js_composer","versions":[{"version":"n/a","lessThanOrEqual":"8.7.2","versionType":"custom","status":"affected","changes":[{"at":"8.7.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:23.980207Z","id":"CVE-2026-45436","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/js_composer/vulnerability/wordpress-wpbakery-page-builder-plugin-8-7-2-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-47277","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T13:20:41.703","lastModified":"2026-06-17T16:29:36.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"runtipi","product":"runtipi","versions":[{"version":">= 4.9.1, < 4.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:23:13.377117Z","id":"CVE-2026-47277","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/runtipi/runtipi/releases/tag/v4.10.0","source":"security-advisories@github.com"},{"url":"https://github.com/runtipi/runtipi/security/advisories/GHSA-qrqj-p7hm-4m66","source":"security-advisories@github.com"},{"url":"https://github.com/runtipi/runtipi/security/advisories/GHSA-qrqj-p7hm-4m66","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47340","sourceIdentifier":"security@apache.org","published":"2026-06-17T13:20:41.877","lastModified":"2026-06-17T17:17:19.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.4.2.\n\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache DolphinScheduler","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.dolphinscheduler:dolphinscheduler-api","versions":[{"version":"0","lessThan":"3.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:37:14.740417Z","id":"CVE-2026-47340","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"84439C66-A7F8-45F5-8A44-C59C72B35BE8"}]}]}],"references":[{"url":"https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/17/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48055","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T13:20:42.257","lastModified":"2026-06-17T16:26:02.190","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"truelockmc","product":"streambert","versions":[{"version":"< 2.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:22:09.740440Z","id":"CVE-2026-48055","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/truelockmc/streambert/releases/tag/2.5.0","source":"security-advisories@github.com"},{"url":"https://github.com/truelockmc/streambert/security/advisories/GHSA-3q2x-3q9p-qwfc","source":"security-advisories@github.com"},{"url":"https://github.com/truelockmc/streambert/security/advisories/GHSA-3q2x-3q9p-qwfc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48745","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T13:20:42.743","lastModified":"2026-06-17T16:28:34.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The app registers a custom org.traccar.client://config deep-link scheme that silently writes attacker-supplied parameters (server URL, device ID, accuracy, distance, and interval) into the app's persistent configuration with no confirmation, notification, or visual indication. A single crafted link delivered via SMS, email, a webpage, or any installed app can therefore reconfigure the app the moment the victim taps it, with no special permissions required. As a result, an attacker can covertly redirect all of the victim's GPS telemetry to their own server at maximum precision and frequency, and the change persists across restarts. This gives the attacker continuous, real-time tracking of the victim's location. This issue has been fixed in version 9.7.20."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"traccar","product":"traccar-client","versions":[{"version":"< 9.7.20","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:53:43.524866Z","id":"CVE-2026-48745","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-940"}]}],"references":[{"url":"https://github.com/traccar/traccar-client/commit/23558b0ae390f8480b2233da07410b5aeaafba09","source":"security-advisories@github.com"},{"url":"https://github.com/traccar/traccar-client/security/advisories/GHSA-vm6j-6g39-gj97","source":"security-advisories@github.com"},{"url":"https://github.com/traccar/traccar-client/security/advisories/GHSA-vm6j-6g39-gj97","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48782","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T13:20:43.210","lastModified":"2026-06-17T16:28:24.220","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678, did not decode, exposing cloud IAM short-term credentials. The previous remediation decoded only IPv4-mapped IPv6, 6to4, and the NAT64 well-known prefix, so the metadata guarantee did not hold for the remaining transition forms: IPv4-compatible IPv6 (::a.b.c.d), the NAT64 RFC 8215 local-use prefix (64:ff9b:1::/48), operator-chosen NAT64 prefixes, and ISATAP. The IPv6 wrapper is then delivered to the underlying IPv4 metadata endpoint. This occurs when an application using Pydantic AI opts a URL into force_download='allow-local' (which disables the default block on private/internal IPs) and runs on a network that actually routes the affected IPv6 transition forms: NAT64-configured networks (IPv6-only or dual-stack-with-NAT64 deployments, including some Kubernetes setups) for the NAT64 variants, or networks with an ISATAP tunnel for ISATAP. A standard dual-stack cloud VM or container does not route these forms and is not affected in practice. The IPv4-compatible and Teredo variants are deprecated and addressed as defense-in-depth. This is an incomplete fix of GHSA-cqp8-fcvh-x7r3 / CVE-2026-46678 (itself a follow-up to CVE-2026-25580). This issue has been fixed in version 2.0.0b3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pydantic","product":"pydantic-ai","versions":[{"version":">= 1.56.0, < 1.102.0","status":"affected"},{"version":">= 2.0.0b1, < 2.0.0b3","status":"affected"}]},{"vendor":"pydantic","product":"pydantic-ai-slim","versions":[{"version":">= 2.0.0b1, < 2.0.0b3","status":"affected"},{"version":">= 1.56.0, < 1.102.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:22:37.373304Z","id":"CVE-2026-48782","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/pydantic/pydantic-ai/commit/1add06179ba4de259f7ab977620b697b7209f7e4","source":"security-advisories@github.com"},{"url":"https://github.com/pydantic/pydantic-ai/pull/5596","source":"security-advisories@github.com"},{"url":"https://github.com/pydantic/pydantic-ai/releases/tag/v1.102.0","source":"security-advisories@github.com"},{"url":"https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-cg7w-rg45-pc59","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48783","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T13:20:43.353","lastModified":"2026-06-17T16:18:00.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The endpoint, /public/modify-subscription, could not change the persisted subscription tier, but it did execute enforcement-related side effects on the caller's own organization, including adjusting team-member enablement state, disabling integrations exceeding the asserted plan's limits, and resetting the scheduled-post cron when the asserted plan was the free tier. Impact is limited to the attacker's own organization and cannot be redirected at other tenants through this endpoint. This issue has been fixed in version 2.21.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gitroomhq","product":"postiz-app","versions":[{"version":"< 2.21.8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:43:27.137971Z","id":"CVE-2026-48783","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-749"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://gadvisory.org/advisories/PSA-2026-WWFR8X","source":"security-advisories@github.com"},{"url":"https://github.com/gitroomhq/postiz-app/commit/23696d2973510ae1f3f48bfa41a6bfbbf9827b05","source":"security-advisories@github.com"},{"url":"https://github.com/gitroomhq/postiz-app/releases/tag/v2.21.8","source":"security-advisories@github.com"},{"url":"https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-v4wr-4j8g-4hfj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48788","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T13:20:43.490","lastModified":"2026-06-17T16:28:34.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an arbitrary remote URL and re-serves the response from Remark42's own origin. During the download phase, the proxy determines whether the resource is an image by inspecting only the Content-Type header advertised by the remote server, never examining the actual bytes; during the serving phase, it instead derives the response Content-Type by sniffing those bytes with http.DetectContentType. An attacker can exploit this inconsistency by hosting a URL that advertises Content-Type: image/png while returning an HTML/JavaScript body: the download check accepts it as an image, the serving path sniffs the body and emits Content-Type: text/html, and the browser renders the attacker-controlled HTML/JavaScript as a document within Remark42's origin. Exploitation requires no Remark42 account on the target instance; the attacker only needs to host the malicious upstream URL and deliver the proxy link to a victim by any means, such as email, direct message, or a link on another website. This issue has been fixed in version 1.16.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"umputun","product":"remark42","versions":[{"version":">= 1.6.0, < 1.16.0","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:19:50.596883Z","id":"CVE-2026-48788","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/umputun/remark42/commit/78d6de6bce1e961f023969da3ec8a00dd80c9ae8","source":"security-advisories@github.com"},{"url":"https://github.com/umputun/remark42/releases/tag/v1.16.0","source":"security-advisories@github.com"},{"url":"https://github.com/umputun/remark42/security/advisories/GHSA-4c8j-mgm4-qqvp","source":"security-advisories@github.com"},{"url":"https://github.com/umputun/remark42/security/advisories/GHSA-4c8j-mgm4-qqvp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48869","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:44.143","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Kriesi","product":"Enfold","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"enfold","versions":[{"version":"n/a","lessThanOrEqual":"7.1.4","versionType":"custom","status":"affected","changes":[{"at":"7.1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:24:48.886800Z","id":"CVE-2026-48869","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/enfold/vulnerability/wordpress-enfold-theme-7-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-48875","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:44.293","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetSmartFilters","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-smart-filters","versions":[{"version":"n/a","lessThanOrEqual":"3.8.1","versionType":"custom","status":"affected","changes":[{"at":"3.8.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:24:47.009289Z","id":"CVE-2026-48875","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-smart-filters/vulnerability/wordpress-jetsmartfilters-plugin-3-8-1-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-48967","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:44.683","lastModified":"2026-06-17T17:17:22.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber SQL Injection in  Geo Mashup <= 1.13.19 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Dylan Kuhn","product":"Geo Mashup","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"geo-mashup","versions":[{"version":"n/a","lessThanOrEqual":"1.13.19","versionType":"custom","status":"affected","changes":[{"at":"1.13.20","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:30.599973Z","id":"CVE-2026-48967","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/geo-mashup/vulnerability/wordpress-geo-mashup-plugin-1-13-19-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49057","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:44.850","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EyeCix Technologies","product":"JobSearch","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-jobsearch","versions":[{"version":"n/a","lessThanOrEqual":"3.2.7","versionType":"custom","status":"affected","changes":[{"at":"3.2.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:24:44.384202Z","id":"CVE-2026-49057","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-jobsearch/vulnerability/wordpress-jobsearch-plugin-3-2-7-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49058","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:44.990","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"loginpress-pro","versions":[{"version":"n/a","lessThanOrEqual":"6.2.2","versionType":"custom","status":"affected","changes":[{"at":"6.2.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:19:24.028010Z","id":"CVE-2026-49058","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/loginpress-pro/vulnerability/wordpress-loginpress-pro-plugin-6-2-2-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49071","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.140","lastModified":"2026-06-17T15:16:59.523","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"OPMC","product":"WooCommerce Dropshipping","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woocommerce-dropshipping","versions":[{"version":"n/a","lessThanOrEqual":"5.2.4","versionType":"custom","status":"affected","changes":[{"at":"5.2.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:36:30.112375Z","id":"CVE-2026-49071","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woocommerce-dropshipping/vulnerability/wordpress-woocommerce-dropshipping-plugin-5-2-4-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49072","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.270","lastModified":"2026-06-17T17:17:22.477","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"OPMC","product":"WooCommerce Anti-Fraud","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woocommerce-anti-fraud","versions":[{"version":"n/a","lessThanOrEqual":"7.2.6","versionType":"custom","status":"affected","changes":[{"at":"7.2.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:18.987016Z","id":"CVE-2026-49072","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woocommerce-anti-fraud/vulnerability/wordpress-woocommerce-anti-fraud-plugin-7-2-6-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49073","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.397","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection.\n\nThis issue affects Directorist Booking: from n/a through 3.0.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"wpWax","product":"Directorist Booking","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"3.0.3","versionType":"custom","status":"affected","changes":[{"at":"3.0.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:24:02.782131Z","id":"CVE-2026-49073","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/directorist-booking/vulnerability/wordpress-directorist-booking-plugin-3-0-3-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49074","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.537","lastModified":"2026-06-17T17:17:22.580","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.9.1","versionType":"custom","status":"affected","changes":[{"at":"3.8.10","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:29.698190Z","id":"CVE-2026-49074","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49075","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.660","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.9.1","versionType":"custom","status":"affected","changes":[{"at":"3.8.10","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:22:37.780394Z","id":"CVE-2026-49075","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-9-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49076","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.790","lastModified":"2026-06-17T17:17:22.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.9.1","versionType":"custom","status":"affected","changes":[{"at":"3.8.10","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:37:31.540740Z","id":"CVE-2026-49076","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-9-1-sql-injection-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49079","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:45.917","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetSearch","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-search","versions":[{"version":"n/a","lessThanOrEqual":"3.5.17","versionType":"custom","status":"affected","changes":[{"at":"3.5.17.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:19:00.369169Z","id":"CVE-2026-49079","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-search/vulnerability/wordpress-jetsearch-plugin-3-5-17-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49080","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.047","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"TMS","product":"wpDataTables","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpdatatables","versions":[{"version":"n/a","lessThanOrEqual":"7.3.6","versionType":"custom","status":"affected","changes":[{"at":"7.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:24:22.151008Z","id":"CVE-2026-49080","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpdatatables/vulnerability/wordpress-wpdatatables-plugin-7-3-6-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49081","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.200","lastModified":"2026-06-17T15:16:59.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeGrill","product":"User Registration Stripe","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"user-registration-stripe","versions":[{"version":"n/a","lessThanOrEqual":"1.3.12","versionType":"custom","status":"affected","changes":[{"at":"1.3.13","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:31:00.765121Z","id":"CVE-2026-49081","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/user-registration-stripe/vulnerability/wordpress-user-registration-stripe-plugin-1-3-12-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49084","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.323","lastModified":"2026-06-17T17:17:22.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThan":"3.8.9.1","versionType":"custom","status":"affected","changes":[{"at":"3.8.9.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:48.721751Z","id":"CVE-2026-49084","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-9-1-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49107","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.443","lastModified":"2026-06-17T17:17:22.887","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Thrive Themes","product":"Thrive Apprentice","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"thrive-apprentice","versions":[{"version":"n/a","lessThan":"10.8.10.2","versionType":"custom","status":"affected","changes":[{"at":"10.8.10.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:36.357040Z","id":"CVE-2026-49107","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/thrive-apprentice/vulnerability/wordpress-thrive-apprentice-plugin-10-8-10-2-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49113","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.563","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"THEMECO","product":"Cornerstone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cornerstone","versions":[{"version":"n/a","lessThan":"7.8.8","versionType":"custom","status":"affected","changes":[{"at":"7.8.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:24:09.737071Z","id":"CVE-2026-49113","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/cornerstone/vulnerability/wordpress-cornerstone-plugin-7-8-8-arbitrary-code-execution-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49767","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.693","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Tomdever","product":"wpForo Forum","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpforo","versions":[{"version":"n/a","lessThanOrEqual":"3.1.0","versionType":"custom","status":"affected","changes":[{"at":"3.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:19:03.094439Z","id":"CVE-2026-49767","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-3-1-0-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49778","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:46.830","lastModified":"2026-06-17T17:17:23.307","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPFunnels","product":"WPFunnels Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpfunnels-pro","versions":[{"version":"n/a","lessThanOrEqual":"2.9.4","versionType":"custom","status":"affected","changes":[{"at":"2.9.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:28.612866Z","id":"CVE-2026-49778","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpfunnels-pro/vulnerability/wordpress-wpfunnels-pro-plugin-2-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-50203","sourceIdentifier":"security@apache.org","published":"2026-06-17T13:20:47.213","lastModified":"2026-06-17T19:04:30.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade `apache-airflow-providers-sftp` to 5.8.1 or later."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Airflow SFTP provider","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"apache-airflow-providers-sftp","versions":[{"version":"0","lessThan":"5.8.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:56:30.527395Z","id":"CVE-2026-50203","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apache-airflow-providers-sftp:*:*:*:*:*:*:*:*","versionEndExcluding":"5.8.1","matchCriteriaId":"EFF26BE9-7893-46C4-9285-6D3B9C9BF48D"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67985","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/7f4b284oh44c1n95oq8mh1qc7y1lr9dx","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/16/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-52696","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:48.917","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetBlog","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-blog","versions":[{"version":"n/a","lessThanOrEqual":"2.4.8","versionType":"custom","status":"affected","changes":[{"at":"2.4.8.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:18:16.564690Z","id":"CVE-2026-52696","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-1258"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-blog/vulnerability/wordpress-jetblog-plugin-2-4-8-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-52698","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:49.060","lastModified":"2026-06-17T15:17:00.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &amp; Chat Widget <= 4.2.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Syed Balkhi","product":"PushEngage – Web Push Notifications, eCommerce Automation &amp; Chat Widget","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"pushengage","versions":[{"version":"n/a","lessThanOrEqual":"4.2.3","versionType":"custom","status":"affected","changes":[{"at":"4.2.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:39:38.445296Z","id":"CVE-2026-52698","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/pushengage/vulnerability/wordpress-pushengage-web-push-notifications-ecommerce-automation-chat-widget-plugin-4-2-3-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-52705","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:49.190","lastModified":"2026-06-17T17:17:25.167","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"BDthemes","product":"SigmaForms Pro – AI Generated Forms","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sigmaforms-pro","versions":[{"version":"n/a","lessThanOrEqual":"1.4.5","versionType":"custom","status":"affected","changes":[{"at":"1.4.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:42.452359Z","id":"CVE-2026-52705","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/sigmaforms-pro/vulnerability/wordpress-sigmaforms-pro-ai-generated-forms-plugin-1-4-5-arbitrary-file-upload-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-52706","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:49.313","lastModified":"2026-06-17T17:17:25.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.10","versionType":"custom","status":"affected","changes":[{"at":"3.8.10.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:24.901125Z","id":"CVE-2026-52706","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-10-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-53876","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-06-17T13:20:49.537","lastModified":"2026-06-17T16:18:00.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Micro-Star International Co., Ltd.","product":"RadiX AX6600 WiFi 6 Tri-Band Gaming Router","versions":[{"version":"firmware versions prior to v781521","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:21:38.869364Z","id":"CVE-2026-53876","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN20769211/","source":"vultures@jpcert.or.jp"},{"url":"https://www.msi.com/Networking/RadiX-AX6600-WiFi-6-Tri-Band-Gaming-Router/support","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-54184","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:49.677","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Alberto Hornero","product":"Clean Login","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"clean-login","versions":[{"version":"n/a","lessThanOrEqual":"1.15","versionType":"custom","status":"affected","changes":[{"at":"1.16","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:17:54.145822Z","id":"CVE-2026-54184","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/clean-login/vulnerability/wordpress-clean-login-plugin-1-15-insecure-direct-object-references-idor-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54185","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:49.817","lastModified":"2026-06-17T17:17:25.990","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber SQL Injection in Cornerstone < 7.8.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"THEMECO","product":"Cornerstone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cornerstone","versions":[{"version":"n/a","lessThan":"7.8.8","versionType":"custom","status":"affected","changes":[{"at":"7.8.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:26.247587Z","id":"CVE-2026-54185","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/cornerstone/vulnerability/wordpress-cornerstone-plugin-7-8-8-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54186","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:49.990","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"eyecix","product":"JobSearch","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-jobsearch","versions":[{"version":"n/a","lessThanOrEqual":"3.2.9","versionType":"custom","status":"affected","changes":[{"at":"3.3.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:17:03.611262Z","id":"CVE-2026-54186","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-jobsearch/vulnerability/wordpress-jobsearch-plugin-3-2-9-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54187","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.147","lastModified":"2026-06-17T15:17:00.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.10.1","versionType":"custom","status":"affected","changes":[{"at":"3.8.10.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:40:28.868739Z","id":"CVE-2026-54187","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-10-1-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54188","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.270","lastModified":"2026-06-17T17:17:26.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.10","versionType":"custom","status":"affected","changes":[{"at":"3.8.10.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:05.690387Z","id":"CVE-2026-54188","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54189","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.393","lastModified":"2026-06-17T17:17:26.193","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetimpex Inc.","product":"JetEngine","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jet-engine","versions":[{"version":"n/a","lessThanOrEqual":"3.8.10","versionType":"custom","status":"affected","changes":[{"at":"3.8.10.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:10.260881Z","id":"CVE-2026-54189","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-10-cross-site-scripting-xss-vulnerability-2?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54192","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.533","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Ays Pro","product":"Popup box","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ays-popup-box","versions":[{"version":"n/a","lessThanOrEqual":"6.2.9","versionType":"custom","status":"affected","changes":[{"at":"6.3.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:12:21.763025Z","id":"CVE-2026-54192","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ays-popup-box/vulnerability/wordpress-popup-box-plugin-6-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54194","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.670","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeFusion","product":"Fusion Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"fusion-builder","versions":[{"version":"n/a","lessThanOrEqual":"3.15.4","versionType":"custom","status":"affected","changes":[{"at":"3.15.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:34:39.672657Z","id":"CVE-2026-54194","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/fusion-builder/vulnerability/wordpress-fusion-builder-plugin-3-15-4-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54195","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.820","lastModified":"2026-06-17T17:17:26.393","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetmonsters","product":"JetFormBuilder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jetformbuilder","versions":[{"version":"n/a","lessThanOrEqual":"3.6.0.1","versionType":"custom","status":"affected","changes":[{"at":"3.6.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:30:24.167235Z","id":"CVE-2026-54195","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jetformbuilder/vulnerability/wordpress-jetformbuilder-plugin-3-6-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54196","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:50.960","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jetmonsters","product":"JetFormBuilder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"jetformbuilder","versions":[{"version":"n/a","lessThanOrEqual":"3.6.1","versionType":"custom","status":"affected","changes":[{"at":"3.6.1.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:16:09.056272Z","id":"CVE-2026-54196","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jetformbuilder/vulnerability/wordpress-jetformbuilder-plugin-3-6-1-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54802","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.223","lastModified":"2026-06-17T15:17:00.900","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cozy Vision Technologies Pvt. Ltd.","product":"SMS Alert Order Notifications","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sms-alert","versions":[{"version":"n/a","lessThanOrEqual":"3.9.3","versionType":"custom","status":"affected","changes":[{"at":"3.9.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:40:06.517259Z","id":"CVE-2026-54802","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-plugin-3-9-3-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54803","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.343","lastModified":"2026-06-17T15:17:01.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cozy Vision Technologies Pvt. Ltd.","product":"SMS Alert Order Notifications","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sms-alert","versions":[{"version":"n/a","lessThanOrEqual":"3.9.4","versionType":"custom","status":"affected","changes":[{"at":"3.9.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:48:25.957306Z","id":"CVE-2026-54803","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-plugin-3-9-4-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54804","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.473","lastModified":"2026-06-17T17:17:26.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"melhorenvio","product":"Melhor Envio","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"melhor-envio-cotacao","versions":[{"version":"n/a","lessThanOrEqual":"2.16.3","versionType":"custom","status":"affected","changes":[{"at":"2.16.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:20:17.020324Z","id":"CVE-2026-54804","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/melhor-envio-cotacao/vulnerability/wordpress-melhor-envio-plugin-2-16-3-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54805","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.593","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"sbouey","product":"Falang multilanguage","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"falang","versions":[{"version":"n/a","lessThanOrEqual":"1.4.2","versionType":"custom","status":"affected","changes":[{"at":"1.4.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:10:35.997714Z","id":"CVE-2026-54805","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/falang/vulnerability/wordpress-falang-multilanguage-plugin-1-4-2-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54806","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.727","lastModified":"2026-06-17T17:17:26.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Melapress","product":"WP Activity Log","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-security-audit-log","versions":[{"version":"n/a","lessThanOrEqual":"5.6.3.1","versionType":"custom","status":"affected","changes":[{"at":"5.6.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:43:19.668905Z","id":"CVE-2026-54806","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-security-audit-log/vulnerability/wordpress-wp-activity-log-plugin-5-6-3-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54807","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.853","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeGrill","product":"Registration Form for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"registration-form-for-woocommerce","versions":[{"version":"n/a","lessThanOrEqual":"1.0.9","versionType":"custom","status":"affected","changes":[{"at":"1.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:15:03.967995Z","id":"CVE-2026-54807","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/registration-form-for-woocommerce/vulnerability/wordpress-registration-form-for-woocommerce-plugin-1-0-9-privilege-escalation-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54811","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:20:51.997","lastModified":"2026-06-17T15:17:01.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in WP eMember < v10.9.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Tips and Tricks HQ","product":"WP eMember","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-eMember","versions":[{"version":"n/a","lessThan":"v10.9.4","versionType":"custom","status":"affected","changes":[{"at":"v10.9.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:39:20.630137Z","id":"CVE-2026-54811","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-9-4-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-55706","sourceIdentifier":"cve@mitre.org","published":"2026-06-17T13:20:52.117","lastModified":"2026-06-17T16:24:15.907","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"076e2b1c1fc4ac0883a72d3544131ad5cee7adf8","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:32:57.493186Z","id":"CVE-2026-55706","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html","source":"cve@mitre.org"},{"url":"https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/06/16/9","source":"cve@mitre.org"},{"url":"https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-5667","sourceIdentifier":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","published":"2026-06-17T13:20:52.657","lastModified":"2026-06-17T16:21:32.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for Japan); Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan); Bathroom Dryer / Heater / Ventilation Systems (for Japan); Adapters for Airflow Ventilation Systems, Heat Pump Chilled / Hot Water Systems, and Ventilation / Air-Conditioning System Air Resorts (for Japan); Lossnay Central Ventilation Systems (for Japan); Smart Switches for Ventilation Fans and Lossnay (for Japan); IH Cooking Heaters (for Japan); and Rice Cookers (for Japan) allows an attacker within Wi-Fi radio range of an affected product to access the affected product using a hard-coded SSID and password, thereby obtaining device data such as operation status, room set temperature, and room temperature; changing the air-conditioner or Wi-Fi settings; or causing Wi-Fi communication to enter a denial-of-service (DoS) condition."}],"affected":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","affectedData":[{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BKR7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-BXV7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2220E8-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2221E9-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2221E9-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2222E1-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2222E1-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2222E1-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2223E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2224E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2225E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2226E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2520E8-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2521E9-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2521E9-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2522E1-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2522E1-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2522E1-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2523E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2524E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2525E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2526E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2820E8-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2821E9-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2821E9-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2822E1-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2822E1-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2822E1-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2823E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2824E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2825E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM2826E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3620E8-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3621E9-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3621E9-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3622E1-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3622E1-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3622E1-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3623E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3624E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3625E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM3626E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4020E8S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4021E9S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4021E9S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4022E1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4022E1S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4022E1S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4023E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4024E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4025E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM4026E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5620E8S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5621E9S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5621E9S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5622E1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5622E1S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5622E1S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5623E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5624E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5625E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM5626E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6320E8S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6321E9S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6321E9S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6322E1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6322E1S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6322E1S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6323E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6324E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6325E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM6326E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7120E8S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7121E9S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7121E9S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7122E1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7122E1S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7122E1S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7123E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7124E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7125E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM7126E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8020E8S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8021E9S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8021E9S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8022E1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8022E1S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8022E1S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8023E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8024E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8025E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM8026E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9020E8S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9021E9S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9021E9S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9022E1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9022E1S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9022E1S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9023E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9024E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9025E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM9026E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2223E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2224E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2225E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2226E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2523E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2524E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2525E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2526E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2823E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2824E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2825E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX2826E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX3623E3-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX3624E4-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX3625E5-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX3626E6-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX4023E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX4024E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX4025E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX4026E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX5623E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX5624E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX5625E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX5626E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX6323E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX6324E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX6325E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX6326E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX7123E3S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX7124E4S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX7125E5S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EX7126E6S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD40F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD56F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD63F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD71F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD8023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FD80F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ4020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ4021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ40F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ5620S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ5621S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ56F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ6320S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ6321S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ63F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ7120S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ7121S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ71F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ8020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ8021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ80F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ9020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ9021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ9022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ9024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ9025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ9026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZ90F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV4020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV4021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV40F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV5620S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV5621S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV56F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV6320S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV6321S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV63F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV7120S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV7121S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV71F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV8020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV8021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV80F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV9020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV9021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV9022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV9024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV9025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV9026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-FZV90F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2522-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2522-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2522-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2523-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2822S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2822S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2822S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2823S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2823S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4023S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5622S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5622S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5622S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5623S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6322S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6322S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6322S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6323S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7122S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7122S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7122S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7123S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8023S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-HXV8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2223-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2523-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2823S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2823S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2823-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3623S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3623-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV4023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV5623S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV6323S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV7123S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-JXV7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV3624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV3625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV3626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-NXV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-R7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-RK7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV40F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV56F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV63F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV71F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV8023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-VXV80F1S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-X7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD3624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD3625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD3626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XD6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-XK7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2522-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2522-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2523-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2822S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2822S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2823S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2823S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4023S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5622S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5622S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5623S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6322S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6322S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6323S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7122S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7122S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7123S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8023S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZD8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2220-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2220-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2221-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2221-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2221-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2221-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2222-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2222-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2222-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2222-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2222-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2222-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2223-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2520-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2520-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2521-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2521-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2521-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2521-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2522-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2522-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2522-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2522-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2522-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2522-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2523-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2820S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2820S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2820-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2820-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2821-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2822-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2823S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2823S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2823-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3620S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3620S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3620-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3620-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3621-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3622-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3623S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3623-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4020S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4021S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4021S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4021S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4022S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4022S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5620S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5620S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5621S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5621S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5621S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5621S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5622S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5622S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5622S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5622S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5622S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5623S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6320S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6320S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6321S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6321S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6321S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6321S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6322S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6322S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6322S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6322S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6322S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6323S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7120S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7120S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7121S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7121S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7121S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7121S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7122S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7122S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7122S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7122S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7122S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7123S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8020S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8021S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8021S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8021S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8022S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8022S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9020S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9021S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9021S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9021S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9022S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9022S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZW9026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2220-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2220-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2221-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2221-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2221-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2221-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2222-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2222-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2222-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2222-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2222-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2222-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2223-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2520-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2520-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2521-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2521-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2521-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2521-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2522-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2522-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2522-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2522-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2522-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2522-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2523-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2820S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2820S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2820-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2820-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2821-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2822-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2823S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2823S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2823-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2824S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2825S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2826S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3620S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3620S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3620-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3620-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3621-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3622-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3623S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3623-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3623-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3624-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3625-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV3626-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4020S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4021S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4021S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4021S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4022S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4022S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5620S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5620S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5621S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5621S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5621S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5621S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5622S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5622S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5622S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5622S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5622S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5622S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5623S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6320S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6320S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6321S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6321S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6321S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6321S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6322S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6322S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6322S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6322S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6322S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6322S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6323S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7120S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7120S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7121S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7121S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7121S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7121S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7122S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7122S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7122S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7122S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7122S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7122S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7123S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7123S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8020S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8021S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8021S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8021S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8022S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8022S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV8026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9020S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9020S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9021S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9021S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9021S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9021S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9022S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9022S-T-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9022S-T-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9022S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9022S-W-1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9022S-W-2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9023S-T","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZXV9026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2223-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2224-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2225-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2226-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2523-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2524-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2525-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2526-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2823-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2824-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2825-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY2826-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY4023S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY4024S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY4025S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY4026S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY5623S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY5624S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY5625S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY5626S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY6323S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY6324S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY6325S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY6326S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY7124S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY7125S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-ZY7126S-W","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM22E2-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM22E3-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM22E3-W-JITSUEN","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM25E2-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM25E3-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM28E2-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM28E3-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM36E2-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM36E3-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM40E2S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM40E3S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM56E2S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM56E3S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM63E2S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM63E3S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM71E2S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM71E3S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM80E2S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM80E3S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM90E2S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (for Japan) MSZ-EM90E3S-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT25VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT25VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT35VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT35VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT50VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT50VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT60VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KT60VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW25VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW35VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW50VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW60VGK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2B-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2B-ET6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2B-SC6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-DA25VFK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-DA25VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-DA35VFK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-DA35VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-DA50VFK-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-DA50VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGK2B-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGK2S-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGK2S-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGK2W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGK2W-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2B-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2B-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2S-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2S-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2S-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2S-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2W-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGK2W-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2B-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2B-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2S-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2S-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2S-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2S-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2W-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGK2W-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2B-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2B-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2S-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2S-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2S-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2S-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2W-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGK2W-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2B-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2B-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2S-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2S-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2S-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2S-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2W-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGK2W-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2B-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2B-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2S-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2S-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2S-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2S-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2W-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGK2W-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK2-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK2-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK2-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK2-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK2-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK2-E6","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK2-ET2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR60VFK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR60VFK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR71VFK2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR71VFK2-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2B-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2R-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2V-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-ET4","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG3B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG3R-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG3V-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG3W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG3W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG3W-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG4MW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG4MW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG4MW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN20VG4FB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN20VG4FL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN20VG4FM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN20VG4MW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3B-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3R-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3R-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3R-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3V-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3V-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3V-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG3W-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FL-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4FM-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4MW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4MW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG4MW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3B-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3R-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3R-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3R-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3V-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3V-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3V-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG3W-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FL-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4FM-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4MW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4MW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG4MW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-SC3","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3B-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3R-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3R-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3R-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3V-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3V-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3V-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3W-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FL-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4FM-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4MW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4MW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG4MW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-E5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ET5","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3B-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3B-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3R-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3R-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3V-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3V-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3W-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3W-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4FB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4FB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4FL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4FL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4FM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4FM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4MW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG4MW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ18VUMW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ18VUMW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ18VUMW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ20VUFB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ20VUFL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ20VUFM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ20VUMW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFL-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUFM-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUMW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUMW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ25VUMW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFL-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUFM-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUMW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUMW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ35VUMW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFL-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUFM-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUMW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUMW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ50VUMW-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUFB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUFB-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUFL-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUFL-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUFM-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUFM-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUMW-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LZ60VUMW-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW25VG2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW25VG2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW35VG2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW35VG2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW50VG2-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW50VG2-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VUB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VUB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VU-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VU-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VU-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VUB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VUB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VU-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VU-ET1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VU-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ50VUB-E1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ50VUB-SC1","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ50VU-E2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ50VU-SC2","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-GXT50VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-GXT60VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-GXT73VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW25VGK-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW25VGK-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW35VGK-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW35VGK-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW42VGK-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW42VGK-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW50VGK-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW50VGK-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW60VGK-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-KW60VGK-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-XT50VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-XT60VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MFZ-XT73VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP05VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP07VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP10VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP13VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP18VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP20VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSXY-FP24VGK-SG2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSY-GA10VFK-SG1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSY-GA13VFK-SG1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSY-GA15VFK-SG1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSY-GA18VFK-SG1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSY-GA24VFK-SG1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP15VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP15VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP15VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP15VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP15VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP15VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP20VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP20VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP20VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP20VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP20VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP20VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP22VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP22VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-E8","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-EN1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-EN3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-E8","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-EN1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-EN3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-E8","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-EN1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-EN3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-E8","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-EN1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-EN3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-E4","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ER4","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ET4","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-E4","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ER4","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ET4","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP80VGKD2-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP80VGKD2-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP80VGKD-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP80VGKD-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY15VGKP-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY20VGKP-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGKP-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY25VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGKP-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY35VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGKP-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY42VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGKP-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AY50VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT20VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT25VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT35VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-BT50VGK-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGKB-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGKB-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGKS-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGKS-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGKW-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF18VGKW-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKB-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKDB-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKDS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKDS-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKDW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKDW-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKS-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF22VGKW-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKB-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKDB-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKDS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKDS-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKDW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKDW-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKS-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF25VGKW-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKB-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKDB-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKDS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKDS-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKDW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKDW-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKS-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF35VGKW-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKB-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKDB-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKDS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKDS-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKDW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKDW-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKS-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF42VGKW-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKB-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKDB-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKDS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKDS-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKDW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKDW-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKS-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EF50VGKW-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EXA09VAK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EXA12VAK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EZA09VAK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-EZA12VAK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VGK-SC2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT35VGK-SC2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT50VGK-SC2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZA09VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZA12VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZA18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZY09VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZY12VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZY18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR25VFK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR35VFK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR42VFK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-E6","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-E7","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR50VFK-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR60VFK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR60VFK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR60VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR71VFK-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR71VFK-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-HR71VFK-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KY09VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KY12VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KY18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KZA09VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KZA12VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KZA16VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-KZA18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2B-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2B-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2R-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2R-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2V-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2V-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-A3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-A3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-A3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGDR-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGDV-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-A3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-A3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-A3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGDR-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGDV-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-EN2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3B-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3R-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG3V-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGDR-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGDV-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-A2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-E2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-E3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ER2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ER3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ET2","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ET3","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3B-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3R-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG3V-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGDB-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGDR-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGDV-A1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW25VG-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW25VG-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW25VG-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW25VG-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW35VG-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW35VG-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW35VG-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW35VG-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW50VG-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW50VG-ER1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW50VG-ET1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RW50VG-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VU-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ25VU-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VU-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ35VU-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ50VU-E1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-RZ50VU-SC1","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-WX18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-WX20VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-WX25VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZA09VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZA12VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZA18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZY09VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZY12VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZY18VFK","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP25VGK-E6","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP35VGK-E6","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP42VGK-E6","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP50VGK-E6","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP60VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-AP71VGK-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT20VFK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FT25VFK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FX20VFK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-FX25VFK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZT09VAK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZT09VAK-1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZT12VAK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZT12VAK-1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZT18VAK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-GZT18VAK-1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2B-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2B-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2B-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2R-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2R-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2R-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2V-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2V-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2V-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VG2W-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VGB-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VGR-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VGV-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN18VGW-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2B-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2R-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2V-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VG2W-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGB-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGB-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGB-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGR-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGR-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGR-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGV-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGV-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGV-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGW-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN25VGW-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2B-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2R-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2V-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VG2W-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGB-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGB-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGB-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGR-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGR-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGR-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGV-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGV-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGV-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGW-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN35VGW-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2B-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2R-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2V-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-EN1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VG2W-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGB-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGB-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGB-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGR-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGR-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGR-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGV-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGV-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGV-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGW-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN50VGW-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2B-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2R-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2V-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VG2W-ET1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGB-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGB-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGB-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGR-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGR-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGR-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGV-A1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGV-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGV-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGW-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-LN60VGW-ER1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZT09VAK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZT09VAK-1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZT12VAK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZT12VAK-1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZT18VAK","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Room Air Conditioners (outside Japan) MSZ-ZT18VAK-1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) MAC-900IF","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-CT01MJ","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-EM02","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-EM02MJ","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-EM03-W","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-VL01MJ","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-W002-AC","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-W002-ACB","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-WF001","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-WF001EM","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-WF001MD","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-WF002EM","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) HM-WF002MD","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) MAC-884IF","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) MAC-888IF","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (for Japan) MAC-895IF","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-597IF-E","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-597IF-EM","defaultStatus":"unaffected","versions":[{"version":"51.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-587IF-E","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-588IF-E","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-589IF-EM","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) S-MAC-002IF","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) S-MAC-705IF","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-557IF-E","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-557IF-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-558IF-E","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-558IF-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-559IF-E","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-559IF-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-567IF-E","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-567IF-E1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) MAC-568IF-E","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) S-MAC-702IF-B","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) S-MAC-702IF-F","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) S-MAC-702IF-Z","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Room Air Conditioners (outside Japan) WIFI-493T-IC-M","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Packaged Air Conditioners (for Japan) PAC-SK43ML","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Packaged Air Conditioners (outside Japan) MAC-587IF-E","defaultStatus":"unaffected","versions":[{"version":"42.00 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Wireless LAN Adapters for Packaged Air Conditioners (outside Japan) PAC-WHS01WF-E","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-BD46K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-BD46M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-BD46N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MD45K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MD45M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MD45N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MXD50G","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MXD57G","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ49J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ49K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ49M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ49N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ54H","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ54J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ54K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ54M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ54N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ60H","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ60J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ60K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ60M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-MZ60N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD47LJ","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD47LK","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD47LM","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD47LN","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD52G","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD60G","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD70G","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD70J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD70K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD70M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WXD70N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ50J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ50K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ50M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ50N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ55H","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ55J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ55K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ55M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ55N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ61H","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ61J","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ61K","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ61M","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Refrigerators (for Japan) MR-WZ61N","defaultStatus":"unaffected","versions":[{"version":"01.77 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) GT-RA1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) GT-RA2","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) GT-HR1","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) GT-HR2","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) GT-HEM4","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-H6SE-T","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-F6SE-T","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-D6SE-T","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-D6SE-T-PV","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-H7SE","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-F7SE","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-D7SE","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan) RMCB-N7","defaultStatus":"unaffected","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Bathroom Dryer / Heater / Ventilation Systems (for Japan) V-241BZ-RC","defaultStatus":"unaffected","versions":[{"version":"01.72 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Bathroom Dryer / Heater / Ventilation Systems (for Japan) V-241BZ5-RC","defaultStatus":"unaffected","versions":[{"version":"01.72 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Bathroom Dryer / Heater / Ventilation Systems (for Japan) WD-240DK-RC","defaultStatus":"unaffected","versions":[{"version":"01.72 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Bathroom Dryer / Heater / Ventilation Systems (for Japan) WD-240DK2-RC","defaultStatus":"unaffected","versions":[{"version":"01.72 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Bathroom Dryer / Heater / Ventilation Systems (for Japan) V-241BZ5-RC-NR","defaultStatus":"unaffected","versions":[{"version":"01.72 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) HM-01A-EX","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-01HMA","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-WA01","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-HM02WA","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-HM03WA","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-HM04WA","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) VEZ-HM01WA","defaultStatus":"unaffected","versions":[{"version":"01.14 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-WA02","defaultStatus":"unaffected","versions":[{"version":"01.73 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-HM05WA","defaultStatus":"unaffected","versions":[{"version":"01.73 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Lossnay Central Ventilation Systems (for Japan) VL-200ZMHSV3-RC","defaultStatus":"unaffected","versions":[{"version":"01.71 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Smart Switches for Ventilation Fans and Lossnay (for Japan) P-04SWRC","defaultStatus":"unaffected","versions":[{"version":"01.74 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Smart Switches for Ventilation Fans and Lossnay (for Japan) P-10SWRC","defaultStatus":"unaffected","versions":[{"version":"01.74 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Smart Switches for Ventilation Fans and Lossnay (for Japan) P-1600SWRC","defaultStatus":"unaffected","versions":[{"version":"01.74 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"IH Cooking Heaters (for Japan) RE-322SXR","defaultStatus":"unaffected","versions":[{"version":"01.71 and prior","status":"affected"}]},{"vendor":"Mitsubishi Electric Corporation","product":"Rice Cookers (for Japan) NJ-AWBX10","defaultStatus":"unaffected","versions":[{"version":"01.76 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:05:33.246758Z","id":"CVE-2026-5667","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://jvn.jp/vu/JVNVU99620284/","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"},{"url":"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-001_en.pdf","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}]}},{"cve":{"id":"CVE-2026-7850","sourceIdentifier":"contact@wpscan.com","published":"2026-06-17T13:21:06.357","lastModified":"2026-06-17T14:50:32.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"WP Magnific Popup","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:47:39.981988Z","id":"CVE-2026-7850","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/30f408dd-4b9a-438c-8dc4-c6daafe237fe/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8089","sourceIdentifier":"contact@wpscan.com","published":"2026-06-17T13:21:21.917","lastModified":"2026-06-17T14:50:32.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:46:38.622158Z","id":"CVE-2026-8089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/f00c1853-a4b2-4e91-99b3-fed8acbe6da7/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8317","sourceIdentifier":"cve@gitlab.com","published":"2026-06-17T13:21:22.233","lastModified":"2026-06-17T13:21:22.233","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-8383","sourceIdentifier":"contact@wpscan.com","published":"2026-06-17T13:21:22.303","lastModified":"2026-06-17T14:50:32.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LearnPress  WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"LearnPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.3.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:46:23.221649Z","id":"CVE-2026-8383","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://wpscan.com/vulnerability/b7cbf68b-62c5-4787-b84b-69df9e0122b2/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8494","sourceIdentifier":"security@wordfence.com","published":"2026-06-17T13:21:22.467","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in the admin Permalink Manager page that will execute whenever an administrator accesses the Permalink Manager page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"mbis","product":"Permalink Manager Lite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:36:53.535953Z","id":"CVE-2026-8494","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/permalink-manager/tags/2.5.3.1/includes/views/permalink-manager-uri-editor-post.php#L150","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/permalink-manager/tags/2.5.3.3/includes/views/permalink-manager-uri-editor-post.php#L150","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/permalink-manager/tags/2.5.3.4/includes/views/permalink-manager-uri-editor-post.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/permalink-manager/trunk/includes/views/permalink-manager-uri-editor-post.php#L150","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/221c62a8-09c9-405a-bddf-06638437bd39?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8607","sourceIdentifier":"security@wordfence.com","published":"2026-06-17T13:21:34.590","lastModified":"2026-06-17T14:44:26.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saadiqbal","product":"Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:37:15.641922Z","id":"CVE-2026-8607","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mycred/tags/3.0.2/includes/classes/class.query-leaderboard.php#L1042","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mycred/tags/3.0.2/includes/shortcodes/mycred_leaderboard.php#L20","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mycred/tags/3.0.6/includes/classes/class.query-leaderboard.php#L1042","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mycred/tags/3.0.6/includes/shortcodes/mycred_leaderboard.php#L20","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mycred/tags/3.1.1/includes/classes/class.query-leaderboard.php#L976","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mycred/tags/3.1.1/includes/mycred-functions.php#L4399","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3572451","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/041a7c9a-d7dc-4742-b879-f1836f324a46?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9570","sourceIdentifier":"contact@wpscan.com","published":"2026-06-17T13:21:34.983","lastModified":"2026-06-17T14:50:32.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Taskbuilder  WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Taskbuilder","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.0.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T10:45:21.429725Z","id":"CVE-2026-9570","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/e9abd7eb-39f1-49d7-a70e-b07cf3680399/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-9690","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T13:21:35.147","lastModified":"2026-06-17T17:17:28.293","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Joomunited","product":"WP Media folder Addon","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-media-folder-addon","versions":[{"version":"n/a","lessThanOrEqual":"4.0.1","versionType":"custom","status":"affected","changes":[{"at":"4.0.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:49.863474Z","id":"CVE-2026-9690","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-media-folder-addon/vulnerability/wordpress-wp-media-folder-addon-plugin-4-0-1-arbitrary-file-download-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-15657","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:29.523","lastModified":"2026-06-17T15:16:35.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mojoomla","product":"School Management","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"school-management","versions":[{"version":"n/a","lessThanOrEqual":"93.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:36:53.361192Z","id":"CVE-2025-15657","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/school-management/vulnerability/wordpress-school-management-plugin-plugin-93-1-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-59554","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:30.390","lastModified":"2026-06-17T17:16:38.753","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Advanced Ads GmbH","product":"Advanced Ads – Tracking","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"advanced-ads-tracking","versions":[{"version":"n/a","lessThan":"3.0.7","versionType":"custom","status":"affected","changes":[{"at":"3.0.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:22:44.517093Z","id":"CVE-2025-59554","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/advanced-ads-tracking/vulnerability/wordpress-advanced-ads-tracking-plugin-3-0-7-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60229","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:30.840","lastModified":"2026-06-17T15:16:35.977","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection.\n\nThis issue affects Lagom: from n/a through 2.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeton","product":"Lagom","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"2.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:22:44.197044Z","id":"CVE-2025-60229","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/lagom/vulnerability/wordpress-lagom-theme-2-0-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60230","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:31.023","lastModified":"2026-06-17T17:16:39.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.\n\nThis issue affects The Barber Shop: from n/a through 1.9."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeton","product":"The Barber Shop","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:15:21.900186Z","id":"CVE-2025-60230","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/nrgbarbershop/vulnerability/wordpress-the-barber-shop-theme-1-9-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60231","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:31.167","lastModified":"2026-06-17T15:16:36.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection.\n\nThis issue affects The Hospital: from n/a through 1.8.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EMV","product":"The Hospital","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"nrghospital","versions":[{"version":"n/a","lessThanOrEqual":"1.8.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:59:19.633021Z","id":"CVE-2025-60231","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/nrghospital/vulnerability/wordpress-the-hospital-theme-1-8-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-60236","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:31.320","lastModified":"2026-06-17T15:16:36.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.\n\nThis issue affects Creatify: from n/a through 1.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EMV","product":"Creatify","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:41:16.132563Z","id":"CVE-2025-60236","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/creatify/vulnerability/wordpress-creatify-theme-1-5-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-66391","sourceIdentifier":"cve@mitre.org","published":"2026-06-17T14:17:31.467","lastModified":"2026-06-17T19:17:06.090","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:00:26.455814Z","id":"CVE-2025-66391","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://citrix.cloud.com/","source":"cve@mitre.org"},{"url":"https://github.com/mandeepsohal/CVE-2025-66391/blob/main/Exploit.md","source":"cve@mitre.org"},{"url":"https://github.com/mandeepsohal/CVE-2025-66391/blob/main/Exploit.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-68524","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:31.623","lastModified":"2026-06-17T15:16:36.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeGoods","product":"Avante","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"avante","versions":[{"version":"n/a","lessThan":"3.0.5","versionType":"custom","status":"affected","changes":[{"at":"3.0.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:34:18.679437Z","id":"CVE-2025-68524","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/avante/vulnerability/wordpress-avante-theme-3-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69106","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:31.797","lastModified":"2026-06-17T17:16:39.523","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Imba","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"imba","versions":[{"version":"n/a","lessThanOrEqual":"1.5.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:23:06.890407Z","id":"CVE-2025-69106","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/imba/vulnerability/wordpress-imba-theme-1-5-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69111","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:32.137","lastModified":"2026-06-17T15:16:36.600","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Reisen","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"reisen","versions":[{"version":"n/a","lessThanOrEqual":"1.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:33:00.670673Z","id":"CVE-2025-69111","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/reisen/vulnerability/wordpress-reisen-theme-1-4-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69115","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:32.283","lastModified":"2026-06-17T17:16:39.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"LuxMed | Medicine & Healthcare Doctor WordPress Theme","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"luxmed","versions":[{"version":"n/a","lessThanOrEqual":"1.2.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:11:15.523516Z","id":"CVE-2025-69115","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/luxmed/vulnerability/wordpress-luxmed-medicine-healthcare-doctor-wordpress-theme-theme-1-2-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69120","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:32.470","lastModified":"2026-06-17T15:16:36.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Dazzle","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"dazzle","versions":[{"version":"n/a","lessThanOrEqual":"1.0.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:08:10.310598Z","id":"CVE-2025-69120","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/dazzle/vulnerability/wordpress-dazzle-theme-1-0-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69123","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:32.927","lastModified":"2026-06-17T15:16:37.047","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Snow Club","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"snow-club","versions":[{"version":"n/a","lessThanOrEqual":"1.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:46:56.019720Z","id":"CVE-2025-69123","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/snow-club/vulnerability/wordpress-snow-club-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69126","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:33.170","lastModified":"2026-06-17T15:16:37.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Fortius","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"fortius","versions":[{"version":"n/a","lessThanOrEqual":"2.3.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:31:09.456586Z","id":"CVE-2025-69126","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/fortius/vulnerability/wordpress-fortius-theme-2-3-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69127","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:33.460","lastModified":"2026-06-17T17:16:39.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Plumbing","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"plumbing-parts","versions":[{"version":"n/a","lessThanOrEqual":"1.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:22:31.475113Z","id":"CVE-2025-69127","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/plumbing-parts/vulnerability/wordpress-plumbing-theme-1-6-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69128","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:33.607","lastModified":"2026-06-17T15:16:37.700","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.\n\nThis issue affects JobCareer: from n/a through 7.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EMV","product":"JobCareer","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"7.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:06:05.783920Z","id":"CVE-2025-69128","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/jobcareer/vulnerability/wordpress-jobcareer-theme-7-3-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69130","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:33.893","lastModified":"2026-06-17T17:16:39.940","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themovation","product":"Entrepreneur - Booking for Small Businesses WordPress Theme","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"entrepreneurx","versions":[{"version":"n/a","lessThanOrEqual":"3.1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:11:13.586512Z","id":"CVE-2025-69130","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/entrepreneurx/vulnerability/wordpress-entrepreneur-booking-for-small-businesses-wordpress-theme-theme-3-1-3-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69140","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:34.193","lastModified":"2026-06-17T15:16:38.300","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SeventhQueen","product":"SweetDate Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sweetdate-core","versions":[{"version":"n/a","lessThan":"1.1.5","versionType":"custom","status":"affected","changes":[{"at":"1.1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:06:39.159012Z","id":"CVE-2025-69140","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/sweetdate-core/vulnerability/wordpress-sweetdate-core-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69144","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:34.340","lastModified":"2026-06-17T15:16:38.563","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Preservation <= 1.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Preservation","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"preservation","versions":[{"version":"n/a","lessThanOrEqual":"1.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:46:18.821371Z","id":"CVE-2025-69144","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/preservation/vulnerability/wordpress-preservation-theme-1-10-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69157","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:34.617","lastModified":"2026-06-17T15:16:38.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Gamic <= 1.15 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Gamic","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"gamic","versions":[{"version":"n/a","lessThanOrEqual":"1.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:29:22.322621Z","id":"CVE-2025-69157","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/gamic/vulnerability/wordpress-gamic-theme-1-15-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69158","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:34.777","lastModified":"2026-06-17T17:16:40.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Granola <= 1.13 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Granola","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"granola","versions":[{"version":"n/a","lessThanOrEqual":"1.13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:36.996374Z","id":"CVE-2025-69158","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/granola/vulnerability/wordpress-granola-theme-1-13-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69164","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:34.923","lastModified":"2026-06-17T15:16:39.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Skyward <= 1.10 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Skyward","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"skyward","versions":[{"version":"n/a","lessThanOrEqual":"1.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:28:45.472894Z","id":"CVE-2025-69164","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/skyward/vulnerability/wordpress-skyward-theme-1-10-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69166","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:35.070","lastModified":"2026-06-17T17:16:40.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Gunslinger","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"gunslinger","versions":[{"version":"n/a","lessThanOrEqual":"1.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:11:11.461101Z","id":"CVE-2025-69166","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/gunslinger/vulnerability/wordpress-gunslinger-theme-1-7-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69170","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:35.220","lastModified":"2026-06-17T15:16:39.463","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Eventicity","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"eventicity","versions":[{"version":"n/a","lessThanOrEqual":"1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:05:50.449111Z","id":"CVE-2025-69170","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/eventicity/vulnerability/wordpress-eventicity-theme-1-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69174","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:35.630","lastModified":"2026-06-17T15:16:39.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Etude <= 1.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Etude","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"etude","versions":[{"version":"n/a","lessThanOrEqual":"1.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:45:38.116968Z","id":"CVE-2025-69174","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/etude/vulnerability/wordpress-etude-theme-1-6-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69175","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:35.790","lastModified":"2026-06-17T15:16:39.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeREX","product":"Line Agency","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"lineagency","versions":[{"version":"n/a","lessThanOrEqual":"1.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:25:54.846235Z","id":"CVE-2025-69175","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/lineagency/vulnerability/wordpress-line-agency-theme-1-3-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2025-69189","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:35.950","lastModified":"2026-06-17T17:16:40.587","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects JobBank: from n/a through 1.2.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EMV","product":"JobBank","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"1.2.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:42.538574Z","id":"CVE-2025-69189","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/jobbank/vulnerability/wordpress-jobbank-plugin-1-2-3-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39442","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:50.690","lastModified":"2026-06-17T15:16:48.883","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PressLayouts","product":"PressMart","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"presssmart","versions":[{"version":"n/a","lessThanOrEqual":"1.2.26","versionType":"custom","status":"affected","changes":[{"at":"1.2.27","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:25:41.589116Z","id":"CVE-2026-39442","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/presssmart/vulnerability/wordpress-pressmart-theme-1-2-26-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39445","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:50.847","lastModified":"2026-06-17T17:16:49.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PressLayouts","product":"Alukas","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"alukas","versions":[{"version":"n/a","lessThan":"3.0.0","versionType":"custom","status":"affected","changes":[{"at":"3.0.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:11:08.501721Z","id":"CVE-2026-39445","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/alukas/vulnerability/wordpress-alukas-theme-3-0-0-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39523","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:50.983","lastModified":"2026-06-17T15:16:48.987","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Solene Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"solene-core","versions":[{"version":"n/a","lessThanOrEqual":"2.3.2","versionType":"custom","status":"affected","changes":[{"at":"2.3.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:04:43.126218Z","id":"CVE-2026-39523","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/solene-core/vulnerability/wordpress-solene-core-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39556","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:51.217","lastModified":"2026-06-17T15:16:49.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Konsept <= 1.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"Konsept","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"konsept","versions":[{"version":"n/a","lessThanOrEqual":"1.9","versionType":"custom","status":"affected","changes":[{"at":"2.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:40:55.268439Z","id":"CVE-2026-39556","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/konsept/vulnerability/wordpress-konsept-theme-1-9-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39559","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:51.343","lastModified":"2026-06-17T15:16:49.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"codesupplyco","product":"Uppercase","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"uppercase","versions":[{"version":"n/a","lessThan":"1.2.2","versionType":"custom","status":"affected","changes":[{"at":"1.2.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:54:29.180727Z","id":"CVE-2026-39559","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/uppercase/vulnerability/wordpress-uppercase-theme-1-2-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39560","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:51.463","lastModified":"2026-06-17T17:16:50.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Hiroshi","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"hiroshi","versions":[{"version":"n/a","lessThanOrEqual":"1.5.1","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:24.772996Z","id":"CVE-2026-39560","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/hiroshi/vulnerability/wordpress-hiroshi-theme-1-5-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39576","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:51.593","lastModified":"2026-06-17T15:16:49.430","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elated-Themes","product":"SingleMalt","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"singlemalt","versions":[{"version":"n/a","lessThanOrEqual":"1.5","versionType":"custom","status":"affected","changes":[{"at":"1.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:24:29.540708Z","id":"CVE-2026-39576","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/singlemalt/vulnerability/wordpress-singlemalt-theme-1-5-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-39590","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:51.720","lastModified":"2026-06-17T17:16:50.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeMove","product":"Atomlab","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"atomlab","versions":[{"version":"n/a","lessThanOrEqual":"2.4.5","versionType":"custom","status":"affected","changes":[{"at":"2.4.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:11:06.313983Z","id":"CVE-2026-39590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/atomlab/vulnerability/wordpress-atomlab-theme-2-4-5-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40720","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:51.870","lastModified":"2026-06-17T15:16:49.773","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Royal Elementor Addons","product":"Royal Elementor Addons Pro","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpr-addons-pro","versions":[{"version":"n/a","lessThan":"1.7.1041","versionType":"custom","status":"affected","changes":[{"at":"1.7.1041","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:02:13.112245Z","id":"CVE-2026-40720","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wpr-addons-pro/vulnerability/wordpress-royal-elementor-addons-pro-plugin-1-7-1041-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40733","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:52.107","lastModified":"2026-06-17T15:16:50.010","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"ShiftUp","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"shiftup","versions":[{"version":"n/a","lessThanOrEqual":"1.3","versionType":"custom","status":"affected","changes":[{"at":"1.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:45:16.632249Z","id":"CVE-2026-40733","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/shiftup/vulnerability/wordpress-shiftup-theme-1-3-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40738","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:52.233","lastModified":"2026-06-17T17:16:51.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Edge-Themes","product":"Eldon","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"eldon","versions":[{"version":"n/a","lessThanOrEqual":"1.4.1","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:30.797080Z","id":"CVE-2026-40738","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/eldon/vulnerability/wordpress-eldon-theme-1-4-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40752","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:52.360","lastModified":"2026-06-17T17:16:52.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Select-Themes","product":"Manufaktur Solutions","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"manufaktursolutions","versions":[{"version":"n/a","lessThanOrEqual":"1.1.1","versionType":"custom","status":"affected","changes":[{"at":"1.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:10.973021Z","id":"CVE-2026-40752","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/manufaktursolutions/vulnerability/wordpress-manufaktur-solutions-theme-1-1-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40756","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:52.480","lastModified":"2026-06-17T15:16:50.230","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Zoya <= 1.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Zoya","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"zoya","versions":[{"version":"n/a","lessThanOrEqual":"1.4","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:23:33.070088Z","id":"CVE-2026-40756","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/zoya/vulnerability/wordpress-zoya-theme-1-4-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-40757","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:52.600","lastModified":"2026-06-17T17:16:52.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Château <= 1.2.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Château","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"chateau","versions":[{"version":"n/a","lessThanOrEqual":"1.2.1","versionType":"custom","status":"affected","changes":[{"at":"1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:11:04.123157Z","id":"CVE-2026-40757","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/chateau/vulnerability/wordpress-chateau-theme-1-2-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-49108","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:56.763","lastModified":"2026-06-17T15:16:59.733","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Moderno < 1.43 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"park_of_ideas","product":"Moderno","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"moderno","versions":[{"version":"n/a","lessThan":"1.43","versionType":"custom","status":"affected","changes":[{"at":"1.43","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:01:49.901042Z","id":"CVE-2026-49108","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/moderno/vulnerability/wordpress-moderno-theme-1-43-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-52707","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:57.053","lastModified":"2026-06-17T15:17:00.290","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in Kastell <= 2.0 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Mikado-Themes","product":"Kastell","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/themes","packageName":"kastell","versions":[{"version":"n/a","lessThanOrEqual":"2.0","versionType":"custom","status":"affected","changes":[{"at":"2.0.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:42:18.943324Z","id":"CVE-2026-52707","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-35"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/theme/kastell/vulnerability/wordpress-kastell-theme-2-0-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-52716","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:57.203","lastModified":"2026-06-17T17:17:25.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"purethemes","product":"WorkScout-Core","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"workscout-core","versions":[{"version":"n/a","lessThanOrEqual":"1.7.11","versionType":"custom","status":"affected","changes":[{"at":"1.7.12","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:19:17.660716Z","id":"CVE-2026-52716","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/workscout-core/vulnerability/wordpress-workscout-core-plugin-1-7-11-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54193","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:58.383","lastModified":"2026-06-17T17:17:26.293","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"ThemeFusion","product":"Fusion Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"fusion-builder","versions":[{"version":"n/a","lessThanOrEqual":"3.15.4","versionType":"custom","status":"affected","changes":[{"at":"3.15.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:18:59.396080Z","id":"CVE-2026-54193","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/fusion-builder/vulnerability/wordpress-fusion-builder-plugin-3-15-4-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54417","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-17T14:17:58.540","lastModified":"2026-06-17T17:17:26.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"rxi","product":"microtar","defaultStatus":"affected","collectionURL":"https://github.com/rxi/microtar","programFiles":["src/microtar.c"],"programRoutines":[{"name":"mtar_next"}],"repo":"https://github.com/rxi/microtar","versions":[{"version":"0.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:01:28.255429Z","id":"CVE-2026-54417","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://github.com/rxi/microtar","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/rxi/microtar/blob/master/src/microtar.c#L239","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://raw.githubusercontent.com/rxi/microtar/master/src/microtar.c","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-54808","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:58.703","lastModified":"2026-06-17T15:17:01.137","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection.\n\nThis issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WP Travel","product":"WP Travel Gutenberg Blocks","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-travel-blocks","versions":[{"version":"n/a","lessThanOrEqual":"3.9.4","versionType":"custom","status":"affected","changes":[{"at":"3.9.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:03:27.924476Z","id":"CVE-2026-54808","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-travel-blocks/vulnerability/wordpress-wp-travel-gutenberg-blocks-plugin-3-9-4-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54809","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:58.837","lastModified":"2026-06-17T17:17:26.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection.\n\nThis issue affects GIFT4U: from n/a through 1.0.10."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VillaTheme","product":"GIFT4U","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"gift4u-gift-cards-all-in-one-for-woo","versions":[{"version":"n/a","lessThanOrEqual":"1.0.10","versionType":"custom","status":"affected","changes":[{"at":"1.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:14:30.360747Z","id":"CVE-2026-54809","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/gift4u-gift-cards-all-in-one-for-woo/vulnerability/wordpress-gift4u-plugin-1-0-10-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54813","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.010","lastModified":"2026-06-17T15:17:01.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection.\n\nThis issue affects SureDash: from n/a through 1.8.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Brainstorm Force","product":"SureDash","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"suredash","versions":[{"version":"n/a","lessThanOrEqual":"1.8.0","versionType":"custom","status":"affected","changes":[{"at":"1.8.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:59:41.806261Z","id":"CVE-2026-54813","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/suredash/vulnerability/wordpress-suredash-plugin-1-8-0-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54814","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.230","lastModified":"2026-06-17T15:17:01.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.\n\nThis issue affects Motors: from n/a through 1.4.109."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"StylemixThemes","product":"Motors","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"motors-car-dealership-classified-listings","versions":[{"version":"n/a","lessThanOrEqual":"1.4.109","versionType":"custom","status":"affected","changes":[{"at":"1.4.110","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:41:38.550609Z","id":"CVE-2026-54814","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/motors-car-dealership-classified-listings/vulnerability/wordpress-motors-plugin-1-4-109-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54815","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.390","lastModified":"2026-06-17T15:17:01.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection.\n\nThis issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cargo RD","product":"Cargo Shipping Location for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cargo-shipping-location-for-woocommerce","versions":[{"version":"n/a","lessThanOrEqual":"5.6","versionType":"custom","status":"affected","changes":[{"at":"5.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:51:19.215637Z","id":"CVE-2026-54815","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/cargo-shipping-location-for-woocommerce/vulnerability/wordpress-cargo-shipping-location-for-woocommerce-plugin-5-6-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54816","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.523","lastModified":"2026-06-17T17:17:27.240","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion.\n\nThis issue affects Advanced Ads: from n/a through 2.0.21."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Monetizemore","product":"Advanced Ads","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"advanced-ads","versions":[{"version":"n/a","lessThanOrEqual":"2.0.21","versionType":"custom","status":"affected","changes":[{"at":"2.0.22","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:18:53.764904Z","id":"CVE-2026-54816","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/advanced-ads/vulnerability/wordpress-advanced-ads-plugin-2-0-21-remote-code-execution-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54817","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.650","lastModified":"2026-06-17T15:17:01.973","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation.\n\nThis issue affects MStore API: from n/a through 4.18.4."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"FluxBuilder","product":"MStore API","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"mstore-api","versions":[{"version":"n/a","lessThanOrEqual":"4.18.4","versionType":"custom","status":"affected","changes":[{"at":"4.19.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:14:18.045270Z","id":"CVE-2026-54817","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/mstore-api/vulnerability/wordpress-mstore-api-plugin-4-18-4-broken-authentication-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54818","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.780","lastModified":"2026-06-17T17:17:27.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection.\n\nThis issue affects Slimstat Analytics: from n/a through 5.4.11."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"VeronaLabs","product":"Slimstat Analytics","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-slimstat","versions":[{"version":"n/a","lessThanOrEqual":"5.4.11","versionType":"custom","status":"affected","changes":[{"at":"5.4.12","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:14:00.846495Z","id":"CVE-2026-54818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-slimstat/vulnerability/wordpress-slimstat-analytics-plugin-5-4-11-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54819","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T14:17:59.920","lastModified":"2026-06-17T15:17:02.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection.\n\nThis issue affects Listdom: from n/a through 5.4.0."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Webilia Inc.","product":"Listdom","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"listdom","versions":[{"version":"n/a","lessThanOrEqual":"5.4.0","versionType":"custom","status":"affected","changes":[{"at":"5.5.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:00:10.005033Z","id":"CVE-2026-54819","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/listdom/vulnerability/wordpress-listdom-plugin-5-4-0-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-55738","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-17T14:18:00.057","lastModified":"2026-06-17T17:17:27.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width fields to be fully populated with non-null bytes, so a crafted archive whose linkname field (followed by the trailing padding of the 512-byte raw header) contains no null terminator causes strcpy() to read past the end of the 512-byte raw header stack buffer and to write past the destination header buffer. A remote attacker who supplies a crafted TAR archive that the victim opens or parses (via mtar_open(), mtar_read_header(), or mtar_find()) can cause an out-of-bounds read and a stack buffer overflow, resulting in denial of service (crash) and potentially arbitrary code execution. Confirmed with AddressSanitizer: stack-buffer-overflow READ of size 356 in raw_to_header at src/microtar.c:112."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"rxi","product":"microtar","defaultStatus":"affected","collectionURL":"https://github.com/rxi/microtar","programFiles":["src/microtar.c"],"programRoutines":[{"name":"raw_to_header"}],"repo":"https://github.com/rxi/microtar","versions":[{"version":"0.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:00:50.582378Z","id":"CVE-2026-55738","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-121"},{"lang":"en","value":"CWE-170"}]}],"references":[{"url":"https://github.com/rxi/microtar","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/rxi/microtar/blob/master/src/microtar.c#L111","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://raw.githubusercontent.com/rxi/microtar/master/src/microtar.c","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-48117","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T15:16:58.840","lastModified":"2026-06-17T17:17:20.440","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed account activation. When the legitimate owner later activated the account, either by clicking the email verification link or by logging in via Google SSO, the attacker-set password became fully valid, enabling silent and persistent account takeover without any notification to the victim. The vulnerability was fixed server-side on 2025-05-20; no user action is required. Node binaries and self-hosted detection nodes are not affected. There are no workarounds; the fix was deployed server-side and no client-side mitigation is applicable."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fduflyer","product":"DroneAware-Node-Releases","versions":[{"version":"< server-2026-05-20","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:41:09.588463Z","id":"CVE-2026-48117","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-302"}]}],"references":[{"url":"https://github.com/fduflyer/DroneAware-Node-Releases/security/advisories/GHSA-h243-pmjf-chcj","source":"security-advisories@github.com"},{"url":"https://github.com/fduflyer/DroneAware-Node-Releases/security/advisories/GHSA-h243-pmjf-chcj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54415","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-17T15:17:00.763","lastModified":"2026-06-17T17:17:26.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id})."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Azuriom","product":"Azuriom CMS","defaultStatus":"unaffected","repo":"https://github.com/Azuriom/Azuriom","versions":[{"version":"0","lessThan":"1.2.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:41:05.881670Z","id":"CVE-2026-54415","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Azuriom/Azuriom","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Azuriom/Azuriom/commit/4b744bc0dd11f205f5aa053c6db8a949d3f0608e","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Azuriom/Azuriom/releases/tag/v1.2.11","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-54810","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T15:17:01.240","lastModified":"2026-06-17T17:17:27.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Nexi XPay: from n/a through 8.3.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Nexi Payments","product":"Nexi XPay","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"8.3.1","versionType":"custom","status":"affected","changes":[{"at":"8.3.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:18:39.976390Z","id":"CVE-2026-54810","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/cartasi-x-pay/vulnerability/wordpress-nexi-xpay-plugin-8-3-1-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54812","sourceIdentifier":"audit@patchstack.com","published":"2026-06-17T15:17:01.473","lastModified":"2026-06-17T17:17:27.140","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection.\n\nThis issue affects Motors: from n/a through 1.4.109."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"StylemixThemes","product":"Motors","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThanOrEqual":"1.4.109","versionType":"custom","status":"affected","changes":[{"at":"1.4.110","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:18:32.569961Z","id":"CVE-2026-54812","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/motors-car-dealership-classified-listings/vulnerability/wordpress-motors-plugin-1-4-109-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-55743","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-17T15:17:02.337","lastModified":"2026-06-17T17:17:27.580","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: (1) is_args_safe() blocks the find flags -exec and -ok but not the functionally identical -execdir and -okdir, which also execute an arbitrary command for each matched file; and (2) skip_env_assignments() strips leading inline KEY=value environment-variable assignments before allowlist validation, so a command such as GIT_EXTERNAL_DIFF=<cmd> git diff is validated as the allowed git diff but, when executed via the shell, runs <cmd> through git's environment-driven hooks (for example GIT_EXTERNAL_DIFF or GIT_SSH_COMMAND). Because the sandbox is the primary trust boundary between untrusted LLM-processed content and the host operating system, an attacker can achieve remote code execution via indirect prompt injection: a malicious document, email, calendar event, or web page ingested by the agent instructs it to run a benign-looking allowlisted command, resulting in arbitrary command execution, data exfiltration, arbitrary file read/write, and lateral movement on the user's machine. The issue was fixed in commit 60050aa09a870f53ed7e4cd40ed41fd2860329e7 (first released in 0.54.22-staging; first stable release 0.56.0), which blocks -execdir/-okdir for find."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"tinyhumansai","product":"OpenHuman","defaultStatus":"unaffected","collectionURL":"https://github.com/tinyhumansai/openhuman","platforms":["macOS","Windows","Linux"],"programFiles":["src/openhuman/security/policy.rs"],"programRoutines":[{"name":"is_args_safe"},{"name":"skip_env_assignments"}],"repo":"https://github.com/tinyhumansai/openhuman","versions":[{"version":"0","lessThanOrEqual":"0.54.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:40:33.751475Z","id":"CVE-2026-55743","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/tinyhumansai/openhuman","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/tinyhumansai/openhuman/blob/v0.53.49-staging/src/openhuman/security/policy.rs","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/tinyhumansai/openhuman/commit/60050aa09a870f53ed7e4cd40ed41fd2860329e7","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-55748","sourceIdentifier":"cve@mitre.org","published":"2026-06-17T15:17:02.503","lastModified":"2026-06-17T17:17:27.727","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Horizon","defaultStatus":"unaffected","versions":[{"version":"8.0.0","lessThan":"25.3.3","versionType":"semver","status":"affected"},{"version":"25.4.0","lessThan":"25.5.3","versionType":"semver","status":"affected"},{"version":"25.6.0","lessThan":"25.7.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:40:00.409005Z","id":"CVE-2026-55748","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://launchpad.net/bugs/2152240","source":"cve@mitre.org"},{"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0097","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2025-71320","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:16:40.697","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.33","versionType":"semver","status":"affected"},{"version":"0.0.33","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:51:20.098816Z","id":"CVE-2025-71320","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-incomplete-disallowed-inputs","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71321","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:16:40.847","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.33","versionType":"semver","status":"affected"},{"version":"0.0.33","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:00:27.735700Z","id":"CVE-2025-71321","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-file-writing-via-distutils-module-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71323","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:16:41.110","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.33","versionType":"semver","status":"affected"},{"version":"0.0.33","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:49:28.523915Z","id":"CVE-2025-71323","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4675-36f9-wf6r","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-unblocked-ctypes-module","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4675-36f9-wf6r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71325","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:16:41.247","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.27","versionType":"semver","status":"affected"},{"version":"0.0.27","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:27:40.928251Z","id":"CVE-2025-71325","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-391"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-detection-bypass-via-stack-global-opcode-parsing-logic-flaw","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53872","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:17:25.473","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.35","versionType":"semver","status":"affected"},{"version":"0.0.35","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:34:46.216036Z","id":"CVE-2026-53872","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-file-read-via-unsafe-pickle-deserialization","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53873","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:17:25.607","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via exec(). Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary Python code while picklescan reports zero security issues."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"1.0.4","versionType":"semver","status":"affected"},{"version":"1.0.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:59:00.556527Z","id":"CVE-2026-53873","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-profile-run-blocklist-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53875","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:17:25.870","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load()."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"1.0.3","versionType":"semver","status":"affected"},{"version":"1.0.3","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:50:29.213368Z","id":"CVE-2026-53875","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/commit/134179474539648ba7dee1317959529fbd0e7f89","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-scanning-bypass-via-dynamic-eval-in-scan-pytorch","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53870","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T19:18:10.883","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"NousResearch","product":"hermes-agent","defaultStatus":"unaffected","repo":"https://github.com/NousResearch/hermes-agent","packageURL":"pkg:npm/hermes-agent","versions":[{"version":"0","lessThan":"0.16.0","versionType":"semver","status":"affected"},{"version":"0.16.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:39:20.486749Z","id":"CVE-2026-53870","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/NousResearch/hermes-agent/commit/3bace071bfadf2d2bec2ee048471a31ec920e3e8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/NousResearch/hermes-agent/pull/30917","source":"disclosure@vulncheck.com"},{"url":"https://github.com/NousResearch/hermes-agent/pull/31469","source":"disclosure@vulncheck.com"},{"url":"https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hermes-agent-sensitive-file-permission-vulnerability-in-store-files","source":"disclosure@vulncheck.com"},{"url":"https://github.com/NousResearch/hermes-agent/pull/30917","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55197","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T19:18:13.340","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=<foreign_id>&messages=1 to retrieve unauthorized conversation transcripts and metadata."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nesquena","product":"hermes-webui","defaultStatus":"unaffected","repo":"https://github.com/nesquena/hermes-webui","packageURL":"pkg:npm/hermes-webui-devtools","versions":[{"version":"0","lessThan":"0.51.443","versionType":"semver","status":"affected"},{"version":"0.51.443","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:51:32.010912Z","id":"CVE-2026-55197","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/nesquena/hermes-webui/commit/2a3baa71b81ca92da8ece8616a09f15894beec71","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/3982","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/4269","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.51.443","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hermes-webui-broken-access-control-in-api-session-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/3982","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55198","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T19:18:13.480","lastModified":"2026-06-17T20:21:59.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, enabling attackers to exfiltrate foreign session transcripts by guessing or knowing session identifiers."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nesquena","product":"hermes-webui","defaultStatus":"unaffected","repo":"https://github.com/nesquena/hermes-webui","packageURL":"pkg:npm/hermes-webui-devtools","versions":[{"version":"0","lessThan":"0.51.443","versionType":"semver","status":"affected"},{"version":"0.51.443","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:30:06.299958Z","id":"CVE-2026-55198","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/nesquena/hermes-webui/commit/2a3baa71b81ca92da8ece8616a09f15894beec71","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/3991","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/4269","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.51.443","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hermes-webui-cross-profile-session-data-exfiltration-via-session-export-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/3991","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}